43 matches found
CVE-2026-0685
Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...
CVE-2026-12866
A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...
CVE-2026-12866
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
PT-2026-51474
Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...
PT-2026-47660
An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...
Spring Framework Denial of Service via Integer Overflow in SpEL Expressions
An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Specifically, an application i...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...
CVE-2026-4645
An issue in the github.com/antchfx/xpath component allows a remote attacker to submit crafted Boolean XPath expressions that evaluate to true, triggering an infinite loop in the logicalQuery.Select function and causing 100% CPU utilization and a Denial of Service (DoS) on affected systems. CVSS v...
CVE-2026-26940
Improper Validation of Specified Quantity in Input CWE-1284 in the Timelion visualization plugin in Kibana can lead Denial of Service via Excessive Allocation CAPEC-130. The vulnerability allows an authenticated user to send a specially crafted Timelion expression that overwrites internal series...
CVE-2026-27577
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...
CVE-2026-27577
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...
n8n Node.js Package < 1.123.17 / 2.x < 2.5.2 Expression Escape Leading to RCE (CVE-2026-25049)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.17, or 2.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability: - An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow...
CVE-2026-25049
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
n8n Has Expression Escape Vulnerability Leading to RCE
Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...
CVE-2026-25049
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
PT-2026-6259
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.17 n8n versions prior to 2.5.2 Description n8n is an open-source workflow automation platform. An authenticated user with permission to create or modify workflows can exploit crafted expressions in workflow paramete...
Code Execution
Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.232.b09-0.el7 (AXSA:2019-4346:06)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4346:06 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...
JLSEC-2025-91 Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a lo...
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
EUVD-2015-8270
Malware in sbrugna...