
9309 matches found

Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:vega-expression is a WebJar for vega-expression. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

CVSS 8.1, AI score 5.5, EPSS 0.00334
Exploits 0, References 2
vulnersOsv
added 2025/11/13 8:43 p.m., 6 views

@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)

vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory:...

CVSS 8.1, AI score 6, EPSS 0.00334
Exploits 0
vulnersOsv
added 2025/11/13 8:43 p.m., 7 views

@0xgg/echomd (>=1.0.2 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +169 more potentially affected by CVE-2025-59840 via vega-expression (>=5.0.1 <=5.1.2)

vega-expression NPM version =5.0.1, =1.0.2, =0.0.332, =0.0.332, =1.1.5, =0.4.1-canary.195, =0.1.0, =3.0.0, =0.0.2, =0.0.1, =0.0.5, =0.0.1, =0.0.8 and more Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGAEXPRESSION-13961124...

CVSS 8.1, AI score 6.5, EPSS 0.00334
Exploits 0
vulnersOsv
added 2025/11/13 8:43 p.m., 7 views

org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)

org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...

CVSS 8.1, AI score 6, EPSS 0.00334
Exploits 0
EUVD
added 2025/11/13 6:31 p.m., 6 views

EUVD-2025-175318

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...

CVSS 8.1, AI score 6.8, EPSS 0.00256
Exploits 0, References 2
Vulnrichment
added 2025/11/13 3:07 p.m., 4 views

CVE-2025-62484 Zoom Workplace Clients - Inefficient Regular Expression Complexity

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...

CVSS 8.1, AI score 6.9, EPSS 0.00256
Exploits 0, References 1
Tenable Nessus
added 2025/11/13 12:00 a.m., 3 views

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2020-8492)

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. This plugin...

CVSS 7.1, AI score 6.8, EPSS 0.06617
Exploits 1, References 4
Positive Technologies
added 2025/11/13 12:00 a.m., 6 views

PT-2025-46839

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Clients versions prior to 6.5.10. Description: An inefficient regular expression complexity in certain Zoom Workplace Clients may allow an unauthenticated user to conduct an escalation of privilege via network access. The issue...

CVSS 9.8, AI score 6.9, EPSS 0.00256
Exploits 0, References 6
OSV
added 2025/11/12 9:56 p.m., 6 views

CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions. Referencing a synproxy stateful object from the OUTPUT hook causes a kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...

AI score 6.2, EPSS 0.00166
Exploits 0, References 7
Veracode
added 2025/11/11 10:21 a.m., 7 views

Remote Code Execution (RCE)

cn.hutool, hutool-extra is vulnerable to remote code execution (RCE). The vulnerability is due to improper expression handling in the QLExpressEngine class, which allows an attacker to execute arbitrary expressions, leading to arbitrary method invocation and potential remote code execution...

CVSS 6.5, AI score 8.4, EPSS 0.00315
Exploits 1, References 4, Affected Software 1
Veracode
added 2025/11/10 7:01 a.m., 7 views

Regular Expression Denial Of Service (ReDoS)

sinatra is vulnerable to Denial of Service. The vulnerability is due to inefficient header parsing when the etag method is used, allowing attackers to send crafted headers that consume excessive CPU time and cause denial of service...

CVSS 7.5, AI score 6.9, EPSS 0.00448
Exploits 1, References 10, Affected Software 1
Fedora
added 2025/11/10 12:47 a.m., 7 views

[SECURITY] Fedora 43 Update: rust-regex-1.12.2-1.fc43

An implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...

AI score 7
Exploits 0
RedhatCVE
added 2025/11/06 1:07 a.m., 4 views

CVE-2025-12735

A vulnerability was discovered in the expr-eval npm package, a JavaScript library used to parse and evaluate mathematical expressions. The issue allows an attacker to define arbitrary functions within the context object used by the parser's evaluate method. By providing maliciously crafted input,...

CVSS 9.8, AI score 7.8, EPSS 0.02199
Exploits 0, References 8
OSV
added 2025/11/05 3:30 a.m., 2 views

GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

CVSS 8.6, AI score 7.4, EPSS 0.02199
Exploits 0, References 11
NVD
added 2025/11/05 1:15 a.m., 6 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS 9.8, EPSS 0.02199
Exploits 0, References 9
OSV
added 2025/11/05 1:15 a.m., 4 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS 9.8, AI score 7.9
Exploits 0, References 9
Snyk
added 2025/11/05 12:52 a.m., 3 views

Prototype Pollution

Overview: org.webjars.npm:expr-eval is a WebJar for expr-eval. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute arbitrary JavaScript code by providin...

CVSS 9.8, AI score 8.5, EPSS 0.02199
Exploits 0, References 3
Snyk
added 2025/11/05 12:52 a.m., 4 views

Prototype Pollution

Overview: expr-eval is a mathematical expression evaluator. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...

CVSS 9.8, AI score 8.1, EPSS 0.02199
Exploits 0, References 3
CVE
added 2025/11/05 12:22 a.m., 457 views

CVE-2025-12735

Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...

CVSS 9.8, AI score 7.9, EPSS 0.02199
Exploits 0, References 9, Affected Software 2
CNNVD
added 2025/11/05 12:00 a.m., 3 views

JavaScript Expression Evaluator Security Vulnerability

JavaScript Expression Evaluator is a math calculator by Matthew Crumley (personal developer). A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...

CVSS 9.8, AI score 7.6, EPSS 0.02199
Exploits 0, References 8