107 matches found
EUVD-2026-38415
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
CVE-2026-12866
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
CVE-2026-46442
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...
CVE-2026-32304
A flaw was found in Locutus, a JavaScript library that provides standard library functions. The create_function function in Locutus passes user-supplied arguments and code directly to the JavaScript Function constructor without proper sanitization. This vulnerability allows a remote attacker to...
OSV-2025-1016 Use-of-uninitialized-value in js_create_function
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471075808 Crash type: Use-of-uninitialized-value Crash state: js_create_function JS_EvalInternal JS_EvalObject...
OSV-2025-846 Use-of-uninitialized-value in js_create_function
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=453198741 Crash type: Use-of-uninitialized-value Crash state: js_create_function JS_EvalInternal JS_EvalObject...
EUVD-2017-2590
Malware in sbrugna...
EUVD-2008-1113
Malware in sbrugna...
EUVD-2010-3398
Malware in sbrugna...
EUVD-2017-14488
Malware in sbrugna...
EUVD-2016-6124
Malware in sbrugna...
EUVD-2022-28954
Malicious code in bioql PyPI...
EUVD-2022-2530
Malicious code in bioql PyPI...
EUVD-2025-30835
Malicious code in bioql PyPI...
EUVD-2022-7033
Malicious code in bioql PyPI...
EUVD-2023-41062
Malicious code in bioql PyPI...
CVE-2025-59434
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...