VYPR
Vendor

Express

Products
1
CVEs
17
Across products
17
Status
Private

Products

1

Recent CVEs

17
  • CVE-2018-15490HigJan 2, 2019
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over…

  • CVE-2026-27508MedMar 30, 2026
    risk 0.35cvss 5.4epss 0.00

    Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript…

  • CVE-2026-26352MedMar 30, 2026
    risk 0.35cvss 5.4epss 0.00

    Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration…

  • CVE-2024-10491MedOct 29, 2024
    risk 0.26cvss 4.0epss 0.00

    A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of…

  • CVE-2019-25395Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the preferences.cgi script that allow attackers to inject malicious scripts through the HOSTNAME, KEYMAP, and OPENNESS parameters. Attackers can submit POST requests…

  • CVE-2019-25394Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP,…

  • CVE-2019-25393Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation. Attackers can submit POST requests to the smoothinfo.cgi…

  • CVE-2019-25392Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the IP parameter. Attackers can send POST requests to the iptools.cgi endpoint with script…

  • CVE-2019-25390Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREEN_ADDRESS, GREEN_NETMASK, RED_DHCP_HOSTNAME,…

  • CVE-2019-25389Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the MACHINES parameter. Attackers can craft requests to the timedaccess.cgi endpoint with…

  • CVE-2019-25387Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the…

  • CVE-2019-25384Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in…

  • CVE-2019-25383Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script…

  • CVE-2019-25382Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with…

  • CVE-2019-25381Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint…

  • CVE-2019-25378Feb 16, 2026
    risk 0.00cvss epss 0.00

    Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and…

  • CVE-2014-6887Oct 11, 2014
    risk 0.00cvss epss 0.00

    The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.