2443 matches found

Node.js
added 2019/11/15 3:27 p.m. · 13 views

Sandbox Breakout / Arbitrary Code Execution

Overview: All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through Error objects. This may allow attackers to execute arbitrary code in the system. Evaluating the payload function var ex = new Erro...

AI score 8
Exploits 0 · Affected Software 1
CNVD
added 2019/11/07 12:00 a.m. · 2 views

LibSass Uncontrolled Recursion Vulnerability

LibSass is a C/C++ implementation of the Sass compiler. An uncontrolled recursion vulnerability exists in Sass::Eval::operator in eval.cpp in LibSass 3.6.1. No detailed vulnerability details are provided at this time...

CVSS 6.5 · AI score 6.9 · EPSS 0.00203
Exploits 1 · References 1
OSV
added 2019/11/06 4:15 p.m. · 19 views

CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::BinaryExpression*) in eval.cpp...

CVSS 6.5 · AI score 6.7
Exploits 0 · References 1
Cvelist
added 2019/11/06 3:07 p.m. · 17 views

CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::BinaryExpression*) in eval.cpp...

AI score 7.1 · EPSS 0.00203
Exploits 1 · References 1
NVD
added 2019/11/04 9:15 p.m. · 10 views

CVE-2013-4409

An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...

CVSS 9.8 · AI score 9.5 · EPSS 0.01166
Exploits 0 · References 10
PyPA
added 2019/11/04 9:15 p.m. · 4 views

PYSEC-2019-175

An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...

CVSS 9.8 · AI score 7 · EPSS 0.01166
Exploits 0 · References 10 · Affected Software 1
Cvelist
added 2019/11/04 8:45 p.m. · 12 views

CVE-2013-4409

An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...

AI score 9.4 · EPSS 0.01166
Exploits 0 · References 10
CVE
added 2019/11/04 8:45 p.m. · 62 views

CVE-2013-4409

CVE-2013-4409 involves an eval() vulnerability in Python Djblets and Beanbag Review Board when parsing JSON requests. Connected sources confirm a code-execution risk in Djblets around 0.7.x and Review Board prior to 1.7.15, with variants mentioning older sub-versions (e.g., 0.6.30/0.7.0 lines) an...

CVSS 9.8 · AI score 9.2 · EPSS 0.01166
Exploits 0 · References 10 · Affected Software 2
OSV
added 2019/10/21 9:58 p.m. · 18 views

GHSA-R3X4-WR4H-PW33 Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating the string console.constructor.constructor'return process'.env prints process.e...

CVSS 9.9 · AI score 10 · EPSS 0.00967
Exploits 1 · References 3
vulnersOsv
added 2019/10/21 9:58 p.m. · 0 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10759 via safer-eval (=1.2.3)

safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: @pl-test/c =1.1.0, =1.1.1; @pl-test/e =1.1.0. Source CVEs: CVE-2019-10759. Source advisory: OSV:GHSA-R3X4-WR4H-PW33...

CVSS 9.9 · AI score 7.3 · EPSS 0.00967
Exploits 1
Github Security Blog
added 2019/10/21 9:58 p.m. · 22 views

Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval prior to 1.3.4 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. For example, evaluating the string console.constructor.constructor'return process'.env prints process.e...

CVSS 9.9 · AI score 5.1 · EPSS 0.00967
Exploits 1 · References 4 · Affected Software 1
Exploit DB
added 2019/10/18 12:00 a.m. · 2311 views

Joomla! 3.4.6 - Remote Code Execution

Exploit Title: Joomla! 3.4.6 - Remote Code Execution. Google Dork: N/A. Date: 2019-10-02. Exploit Author: Alessandro Groppo. Vendor Homepage: https://www.joomla.it/. Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6. Version: 3.0.0 -- 3.4.6. Tested on: Linux. CVE: N/A. Technical details:...

AI score 7.4
Exploits 0
Node.js
added 2019/10/17 8:17 p.m. · 15 views

Sandbox Breakout / Arbitrary Code Execution

Overview: All versions of safer-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. It is possible to escape the sandbox by forcing exceptions recursively in the evaluated code. This may allow an attacker to execute arbitrary code in the system. Recommendation: The package is not...

AI score 8.1
Exploits 0 · Affected Software 1
OSV
added 2019/10/17 6:27 p.m. · 15 views

GHSA-HGCH-JJMR-GP7W Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation: Upgrade to version 1.3.2...

CVSS 9.9 · AI score 10 · EPSS 0.10849
Exploits 0 · References 4
Github Security Blog
added 2019/10/17 6:27 p.m. · 22 views

Sandbox Breakout / Arbitrary Code Execution in safer-eval

Versions of safer-eval before 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. Recommendation: Upgrade to version 1.3.2...

CVSS 9.9 · AI score 5.6 · EPSS 0.10849
Exploits 0 · References 5 · Affected Software 1
vulnersOsv
added 2019/10/17 6:27 p.m. · 1 view

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10760 via safer-eval (=1.2.3)

safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: @pl-test/c =1.1.0, =1.1.1; @pl-test/e =1.1.0. Source CVEs: CVE-2019-10760. Source advisory: OSV:GHSA-HGCH-JJMR-GP7W...

CVSS 9.9 · AI score 7.2 · EPSS 0.10849
Exploits 0
OSV
added 2019/10/16 12:15 p.m. · 0 views

UBUNTU-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

CVSS 9.8 · AI score 7.9 · EPSS 0.16839
Exploits 1 · References 4
Cvelist
added 2019/10/16 11:29 a.m. · 18 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

AI score 9.8 · EPSS 0.16839
Exploits 1 · References 14
Vulnrichment
added 2019/10/16 11:29 a.m. · 13 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

AI score 7.8 · EPSS 0.16839
Exploits 1 · References 14
Veracode
added 2019/10/16 4:37 a.m. · 14 views

Prototype Pollution

safer-eval is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary objects using Object.constructor to execute arbitrary code...

CVSS 9.9 · AI score 4.5 · EPSS 0.00967
Exploits 1 · References 1 · Affected Software 1