103 matches found
CVE-2026-32304
A flaw was found in Locutus, a JavaScript library that provides standard library functions. The createfunction function in Locutus passes user-supplied arguments and code directly to the JavaScript Function constructor without proper sanitization. This vulnerability allows a remote attacker to...
OSV-2025-1016 Use-of-uninitialized-value in js_create_function
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471075808 Crash type: Use-of-uninitialized-value Crash state: jscreatefunction JSEvalInternal JSEvalObject...
OSV-2025-846 Use-of-uninitialized-value in js_create_function
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=453198741 Crash type: Use-of-uninitialized-value Crash state: jscreatefunction JSEvalInternal JSEvalObject...
EUVD-2008-1113
Malware in sbrugna...
EUVD-2017-14488
Malware in sbrugna...
EUVD-2016-6124
Malware in sbrugna...
EUVD-2010-3398
Malware in sbrugna...
EUVD-2017-2590
Malware in sbrugna...
EUVD-2023-41062
Malicious code in bioql PyPI...
EUVD-2022-2530
Malicious code in bioql PyPI...
EUVD-2022-28954
Malicious code in bioql PyPI...
EUVD-2025-30835
Malicious code in bioql PyPI...
EUVD-2022-7033
Malicious code in bioql PyPI...
CVE-2025-59434
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-59434
Flowise Cloud prior to August 2025 was vulnerable to a cross-tenant data exposure through the Custom JavaScript Function node, allowing authenticated users on the free tier to access environment variables from other tenants (e.g., OpenAI keys, cloud credentials, and tokens). The issue has been pa...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-55620
A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
A prototype pollution vulnerability exists in @nyariv/sandboxjs versions = 0.8.23, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can result in a denial-of-service DoS condition or, under certain conditions, escape the sandboxed environme...