
6 matches found

CNNVD
added 2026/02/26 12:0 a.m., 5 views

NVDA Dev & Test Toolbox Security Vulnerability

NVDA Dev & Test Toolbox is a debugging and testing tool developed by Cyrille Bougot as an individual contributor. Versions 2.0 to 8.0 of NVDA Dev & Test Toolbox contain security vulnerabilities. These vulnerabilities stem from the log reader’s handling of Python expressions in log files in an...

CVSS 7.8, AI score 6.1, EPSS 0.0001
Exploits: 0, References: 3
CVE
added 2025/01/24 4:52 p.m., 59 views

CVE-2025-24359

CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(__fstring__=val)). This can allow an attacker who controls input to bypass restrictions and execu...

CVSS 8.4, AI score 8.7, EPSS 0.00032
Exploits: 0, References: 3
Debian CVE
added 2025/01/24 4:52 p.m., 14 views

CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

CVSS 8.4, AI score 5.9, EPSS 0.00032
Exploits: 0
CNVD
added 2020/02/26 12:0 a.m., 2 views

Druva inSync Mac OS Client Code Instruction Improper Neutralization Vulnerability

Druva inSync Client is a lightweight application for managing data backups and allowing collaboration with other users. Druva inSync Mac OS Client is the Mac OS version. Druva inSync Mac OS Client 6.5.0 suffers from an improperly neutralized instruction vulnerability in dynamic evaluation code. A...

CVSS 7.8, AI score 7.2, EPSS 0.00121
Exploits: 1, References: 1
NVD
added 2020/02/25 9:15 p.m., 9 views

CVE-2019-4000

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...

CVSS 7.8, AI score 7.8, EPSS 0.00121
Exploits: 1, References: 1
OSV
added 2020/02/25 9:15 p.m., 1 views

CVE-2019-4000

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...

CVSS 7.8, AI score 7.4, EPSS 0.00121
Exploits: 1, References: 1