A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to re

Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions o

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Expres

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers

The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers,

The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of se