CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVE-2025-13204 CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

EUVD-2025-197614

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVE-2025-13204 CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVE-2024-42749

Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script...

CVE-2025-11918 Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability...

Arbitrary Code Execution(ACE)

Expr-eval is vulnerable to Arbitrary Code ExecutionACE. The vulnerability is due to insufficient input validation in the evaluate function, which allows an attacker to supply a crafted variables object and execute arbitrary code...

CVE-2025-60695

A stack-based buffer overflow vulnerability exists in the mtkdut binary of Linksys E7350 routers Firmware 1.1.00.032. The function sub4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary...

CVE-2025-60674

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127...

CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

Adobe InDesign Desktop Heap Buffer Overflow Vulnerability (CNVD-2025-28657)

Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Rockwell Automation Arena 安全漏洞

Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...

PT-2025-46975

Name of the Vulnerable Software and Affected Versions npm package expr-eval affected versions not specified Description The npm package expr-eval is susceptible to a Prototype Pollution issue. An attacker who can access the express eval interface may leverage the JavaScript prototype-based...

Adobe Illustrator on iPads Heap Buffer Overflow Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPads, which can be exploited by an attacker to cause arbitrary code to be executed in the context of the current...

Microsoft Office Code Execution Vulnerability (CNVD-2025-29929)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

WordPress plugin Creta Testimonial Showcase 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

Adobe Illustrator on iPad Integer Dive Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. Adobe Illustrator on iPad suffers from an integer sneak vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Adobe Format Plugins Heap Buffer Overflow Vulnerability

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Adobe Format Plugins Heap Buffer Overflow Vulnerability (CNVD-2025-28639)

Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Adobe Illustrator on iPad Heap Buffer Overflow Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...