
120910 matches found

Vulnrichment
added 2025/11/05 6:19 a.m., 8 views

CVE-2025-62225

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVSS 8.4, AI score 7.4, EPSS 0.00138
Exploits: 0, References: 2

OSV
added 2025/11/05 3:30 a.m., 2 views

GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

CVSS 8.6, AI score 7.4, EPSS 0.02199
Exploits: 0, References: 11

GitHub Security Blog
added 2025/11/05 3:30 a.m., 10 views

expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

CVSS 9.8, AI score 7.9, EPSS 0.02199
Exploits: 0, References: 12, Affected Software: 2

OSV
added 2025/11/05 1:15 a.m., 4 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS 9.8, AI score 7.9
Exploits: 0, References: 9

NVD
added 2025/11/05 1:15 a.m., 6 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS 9.8, EPSS 0.02199
Exploits: 0, References: 9

Snyk
added 2025/11/05 12:52 a.m., 3 views

Prototype Pollution

Overview: expr-eval-fork is a mathematical expression evaluator fork with prototype pollution fix. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute...

CVSS 9.8, AI score 8.1, EPSS 0.02199
Exploits: 0, References: 3

CVE
added 2025/11/05 12:22 a.m., 456 views

CVE-2025-12735

Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...

CVSS 9.8, AI score 7.9, EPSS 0.02199
Exploits: 0, References: 9, Affected Software: 2

Vulnrichment
added 2025/11/05 12:22 a.m., 2 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

AI score 7.9, EPSS 0.02199
Exploits: 0, References: 7

Positive Technologies
added 2025/11/05 12:0 a.m., 6 views

PT-2025-45148

Name of the Vulnerable Software and Affected Versions: WSO2 Micro Integrator (affected versions not specified); WSO2 Enterprise Integrator (affected versions not specified); WSO2 API Manager (affected versions not specified). Description: An arbitrary code execution issue exists due to insufficient...

CVSS 8.4, AI score 7.3, EPSS 0.00395
Exploits: 0, References: 3

CNVD
added 2025/11/05 12:0 a.m., 2 views

Tenda AC8 DatabaseIniSet File Buffer Overflow Vulnerability

Tenda AC8 is a dual-band Gigabit wireless router from Tenda designed for home and small office environments. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from manipulating the Time parameter in the /goform/DatabaseIniSet file without properly validating the input...

CVSS 9.8, AI score 8.3, EPSS 0.04569
Exploits: 0, References: 1

Talos
added 2025/11/05 12:0 a.m., 4 views

Entr'ouvert Lasso lasso_node_impl_init_from_xml type confusion vulnerability

Talos Vulnerability Report TALOS-2025-2193: Entr'ouvert Lasso lasso_node_impl_init_from_xml type confusion vulnerability. November 5, 2025. CVE Number: CVE-2025-47151. Summary: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A special...

CVSS 9.8, AI score 8, EPSS 0.00827
Exploits: 1

CNNVD
added 2025/11/05 12:0 a.m., 5 views

Entrouvert Lasso Security Vulnerability

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso versions 2.5.1 and 2.8.2, which stems from a type confusion in the lasso_node_impl_init_from_xml function that could lead to the execution of...

CVSS 9.8, AI score 6.7, EPSS 0.00827
Exploits: 1, References: 1

CNNVD
added 2025/11/05 12:0 a.m., 3 views

WSO2 Multiple Products Security Vulnerability

WSO2 API Manager and other products are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution. WSO2 Enterprise Integrator is an open source hybrid integration platform. WSO2 Micro Integrator is a distributed microservices integration layer. WSO2 Micro Integrator is a...

CVSS 8.4, AI score 7.1, EPSS 0.00395
Exploits: 0, References: 2

CNNVD
added 2025/11/05 12:0 a.m., 3 views

JavaScript Expression Evaluator Security Vulnerability

JavaScript Expression Evaluator is a math calculator by Matthew Crumley, an individual developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...

CVSS 9.8, AI score 7.6, EPSS 0.02199
Exploits: 0, References: 8

Positive Technologies
added 2025/11/05 12:0 a.m., 2 views

PT-2025-45064

Name of the Vulnerable Software and Affected Versions: expr-eval versions prior to 3.0.0; expr-eval-fork versions prior to 3.0.0. Description: The expr-eval library, a JavaScript expression parser and evaluator, is susceptible to remote code execution (RCE). This issue stems from inadequate input...

CVSS 10, AI score 8.3, EPSS 0.02199
Exploits: 0, References: 44

NVD
added 2025/11/04 10:16 p.m., 3 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

CVSS 8.4, EPSS 0.0016
Exploits: 0, References: 3

NVD
added 2025/11/04 10:16 p.m., 7 views

CVE-2025-54526

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4, EPSS 0.00155
Exploits: 0, References: 3

OSV
added 2025/11/04 10:16 p.m., 5 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

CVSS 8.4, AI score 6.2, EPSS 0.0016
Exploits: 0, References: 3

Vulnrichment
added 2025/11/04 9:37 p.m., 4 views

CVE-2025-54526 Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4, AI score 7.3, EPSS 0.00155
Exploits: 0, References: 3

Cvelist
added 2025/11/04 9:37 p.m., 7 views

CVE-2025-54526 Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow

Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVSS 8.4, EPSS 0.00155
Exploits: 0, References: 3