41 matches found
Astra Linux - уязвимость в busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...
CVE-2026-6652
CVE-2026-6652 affects Pagekit CMS up to version 1.0.18. The issue resides in the evaluate function of app/modules/view/src/PhpEngine.php within the StringStorage Template Handler, where improper neutralization of directives in dynamically evaluated code enables remote exploitation. Publicly avail...
CVE-2026-6652
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...
PT-2026-28689
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate augassign/evaluate call/evaluate with of the file src/smolagents/local python executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible...
MajorDoMo 安全漏洞
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the admin method in the market module, which reads grmode from $REQUEST and assigns it to $this-mode. As a result, all...
PT-2026-7480
Name of the Vulnerable Software and Affected Versions Lucky Wheel Giveaway plugin for WordPress versions prior to 1.0.23 Description The Lucky Wheel Giveaway plugin for WordPress is susceptible to Remote Code Execution. This is due to the use of PHP’s eval function on user-controlled input withou...
Arbitrary Code Execution(ACE)
Expr-eval is vulnerable to Arbitrary Code ExecutionACE. The vulnerability is due to insufficient input validation in the evaluate function, which allows an attacker to supply a crafted variables object and execute arbitrary code...
CVE-2025-12735
A vulnerability was discovered in the expr-eval npm package, a JavaScript library used to parse and evaluate mathematical expressions. The issue allows an attacker to define arbitrary functions within the context object used by the parser's evaluate method. By providing maliciously crafted input,...
GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
CVE-2025-12735
Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...
CVE-2025-12735 CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
CVE-2025-12735 CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...
SUSE CVE-2023-42364
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...
CVE-2023-42364
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...
DEBIAN-CVE-2023-42364
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...
AZL-34575 CVE-2023-42364 affecting package busybox for versions less than 1.36.1-7
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...
ALPINE-CVE-2023-42364
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...