| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33807 | @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes | fastify | @fastify/express | Critical | 9.1 | 2026-04-15 09:52:27 | Deep Dive |
| CVE-2026-33808 | @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) | fastify | @fastify/express | Medium | - | 2026-04-15 09:29:46 | Deep Dive |
| CVE-2026-34899 | WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability | Eniture technology | LTL Freight Quotes – Worldwide Express Edition | Medium | 5.3 | 2026-04-07 08:31:37 | Deep Dive |
| CVE-2026-27508 | Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter | Smoothwall | Express | Medium | 5.4 | 2026-03-30 16:51:50 | Deep Dive |
| CVE-2026-26352 | Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter | Smoothwall | Express | Medium | 5.4 | 2026-03-30 16:49:17 | Deep Dive |
| CVE-2026-33979 | Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk) | AhmedAdelFahim | express-xss-sanitizer | High | 8.2 | 2026-03-27 21:29:20 | Deep Dive |
| CVE-2019-25618 | AdminExpress 1.2.5 Denial of Service via System Compare | Admin-Express | AdminExpress | Medium | 6.2 | 2026-03-22 13:38:50 | Deep Dive |
| CVE-2019-25612 | Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path | Admin-Express | Admin-Express | High | 7.8 | 2026-03-22 13:38:46 | Deep Dive |
| CVE-2026-4171 | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization | CodeGenieApp | serverless-express | Medium | 6.3 | 2026-03-15 08:02:08 | Deep Dive |
| CVE-2026-3992 | CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection | CodeGenieApp | serverless-express | Medium | 6.3 | 2026-03-12 05:32:10 | Deep Dive |
| CVE-2026-20117 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities | Cisco | Cisco Unified Contact Center Express | Medium | 6.1 | 2026-03-11 16:31:27 | Deep Dive |
| CVE-2026-20116 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities | Cisco | Cisco Unified Contact Center Express | Medium | 6.1 | 2026-03-11 16:31:23 | Deep Dive |
| CVE-2026-30827 | express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers) | express-rate-limit | express-rate-limit | High | 7.5 | 2026-03-07 05:19:08 | Deep Dive |
| CVE-2026-27739 | Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline | angular | angular-cli | - | - | 2026-02-25 16:47:30 | Deep Dive |
| CVE-2019-25395 | Smoothwall Express 3.1 'preferences.cgi' Cross-Site Scripting | Smoothwall | Smoothwall Express | High | 7.2 | 2026-02-16 17:05:08 | Deep Dive |
| CVE-2019-25394 | Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting | Smoothwall | Smoothwall Express | High | 7.2 | 2026-02-16 17:05:07 | Deep Dive |
| CVE-2019-25393 | Smoothwall Express 3.1 'smoothinfo.cgi' Cross-Site Scripting | Smoothwall | Smoothwall Express | Medium | 6.1 | 2026-02-16 17:05:06 | Deep Dive |
| CVE-2019-25392 | Smoothwall Express 3.1 'iptools.cgi' Cross-Site Scripting | Smoothwall | Smoothwall Express | Medium | 6.1 | 2026-02-16 17:05:05 | Deep Dive |
| CVE-2019-25390 | Smoothwall Express 3.1 'interfaces.cgi' Cross-Site Scripting | Smoothwall | Smoothwall Express | Medium | 5.4 | 2026-02-16 17:05:04 | Deep Dive |
| CVE-2019-25389 | Smoothwall Express 3.1 'timedaccess.cgi' Cross-Site Scripting | Smoothwall | Smoothwall Express | Medium | 6.1 | 2026-02-16 17:05:03 | Deep Dive |