express 4

• LDAP Injection – Hidden Registrar Archive Disclosure | Saint Croix University May 15, 2026
• Broken Access Control – Role Manipulation via User Registration | Tanuki Apr 28, 2026
• Command Injection – Remote Code Execution via rollOptions Parameter | Diceforge Apr 26, 2026
• File Inclusion – Arbitrary File Read via Image Endpoint | Ottergram Apr 25, 2026