Lucene search
+L

169 matches found

nvd
nvd
added 3 days ago8 views

CVE-2026-15512

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS0.00376EPSS
Exploits0References5
cve
cve
added 4 days ago14 views

CVE-2026-15512

CVE-2026-15512 affects pig-mesh Pig up to 3.9.2. The issue lies in pig-codegen, specifically GeneratorServiceImpl.java, where certain manipulation leads to code injection. The vulnerability appears exploitable remotely, with a publicly available exploit. The vendor was contacted early but did not...

6.5CVSS6.3AI score0.00376EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago37 views

CVE-2026-15512 pig-mesh Pig pig-codegen GeneratorServiceImpl.java code injection

A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\service\impl\GeneratorServiceImpl.java of the component pig-codegen. Such manipulation leads to...

6.5CVSS0.00376EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.23 views

PT-2026-50902

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An incorrect conversion between numeric types occurs in NI grpc-device due to missing range checks in CodeGen. This issue may result in the silent discarding of high bits if a size value...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References6
osv
osv
added 2026/06/15 8:13 p.m.7 views

GHSA-PR59-H9PH-3FR8 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

8.2CVSS5.6AI score0.00228EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41507

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS5.9AI score0.00393EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2026/05/12 3:6 p.m.8 views

protobufjs-mod (=6.8.2) potentially affected by CVE-2026-44294 via @protobufjs/codegen (=2.0.4)

@protobufjs/codegen NPM version =2.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/codegen and may be impacted: - protobufjs-mod =6.8.2 Source cves: CVE-2026-44294 Source advisory: SNYK:JS-PROTOBUFJSCODEGEN-16643292...

5.3CVSS5.8AI score0.00431EPSS
Exploits0
nvd
nvd
added 2026/05/08 2:16 p.m.12 views

CVE-2026-41507

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS0.00393EPSS
Exploits0References3
euvd
euvd
added 2026/05/08 1:49 p.m.14 views

EUVD-2026-28597

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/08 1:49 p.m.14 views

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.10 views

math-codegen 代码注入漏洞

Math-CodeGen is an interpreter developed by Mauricio Poppe that generates JavaScript code from mathematical expressions. Versions of Math-CodeGen prior to 0.4.3 contained a code injection vulnerability. This vulnerability stemmed from the cg.parse function not properly cleaning string literal...

9.8CVSS6AI score0.00393EPSS
Exploits0References1
fedora
fedora
added 2026/04/30 1:30 a.m.11 views

[SECURITY] Fedora 42 Update: binaryen-126-1.fc42

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

7.1CVSS5.5AI score0.00181EPSS
Exploits1
fedora
fedora
added 2026/04/30 1:21 a.m.10 views

[SECURITY] Fedora 43 Update: binaryen-126-1.fc43

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

7.1CVSS5.5AI score0.00181EPSS
Exploits1
githubexploit
githubexploit
added 2026/04/18 4:23 p.m.382 views

CVE-protobufjs-GHSA-xq3m-2v4x-88gg

GHSA-xq3m-2v4x-88gg: protobuf.js Remote Code Execution Critic...

6.7AI score
Exploits0
vulnersosv
vulnersosv
added 2026/04/17 10:31 p.m.9 views

org.webjars.npm:built-in-math-eval (=0.3.0), org.webjars.npm:interval-arithmetic-eval (=0.4.6) potentially affected by CVE-2026-41507 via org.webjars.npm:math-codegen (=0.3.5)

org.webjars.npm:math-codegen MAVEN version =0.3.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:math-codegen and may be impacted: - org.webjars.npm:built-in-math-eval =0.3.0 - org.webjars.npm:interval-arithmetic-eval =0.4.6 Source cve...

9.8CVSS5.8AI score0.00393EPSS
Exploits0
snyk
snyk
added 2026/04/17 10:31 p.m.10 views

Arbitrary Code Injection

Overview org.webjars.npm:math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamical...

9.8CVSS6.2AI score0.00393EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/17 10:31 p.m.6 views

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: SNYK:JS-MATHCODEGEN-16420747...

9.8CVSS5.8AI score0.00393EPSS
Exploits0
snyk
snyk
added 2026/04/17 10:31 p.m.9 views

Arbitrary Code Injection

Overview math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamically created...

9.8CVSS6.2AI score0.00393EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/04/17 10:31 p.m.8 views

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: OSV:GHSA-P6X5-P4XF-CC4R...

9.8CVSS5.8AI score0.00393EPSS
Exploits0
osv
osv
added 2026/04/17 10:31 p.m.11 views

GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

9.8CVSS6.1AI score0.00393EPSS
Exploits0References6
Rows per page
Query Builder