13 matches found
Arbitrary Code Execution (ACE)
Expr-eval is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to insufficient input validation in the evaluate function, which allows an attacker to supply a crafted variables object and execute arbitrary code...
CVE-2025-12735
A vulnerability was discovered in the expr-eval npm package, a JavaScript library used to parse and evaluate mathematical expressions. The issue allows an attacker to define arbitrary functions within the context object used by the parser's evaluate method. By providing maliciously crafted input,...
GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
EUVD-2012-5154
Malware in sbrugna...
Cobertura Plugin File Execution Vulnerability
Cobertura is an open source tool that measures test coverage by inspecting the underlying code and observing what code is and is not executed when the test package is run. Cobertura Plugin has a file execution vulnerability that can be exploited by remote attackers with the help of specially...
Cisco Enterprise Network Functions Virtualization Infrastructure Software Arbitrary File Write Vulnerability
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input...
CVE-2019-1894
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation...
CVE-2019-1894 Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation...
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation...
sudo: certain environment variables not sanitized when env_reset is disabled
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...