ROOT-APP-NPM-CVE-2025-13204 CVE-2025-13204 in @rootio/expr-eval - Patched by Root

Root has patched CVE-2025-13204 in the @rootio/expr-eval package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-12735 CVE-2025-12735 in @rootio/expr-eval - Patched by Root

Root has patched CVE-2025-12735 in the @rootio/expr-eval package for Root:npm. Multiple fixed versions available...

1byte-react-design (>=1.7.1 <=1.14.0), @agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294) +237 more potentially affected by unknown CVE via @antv/expr (=1.0.2)

@antv/expr NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/expr and may be impacted: - 1byte-react-design =1.7.1, =1.1.43, =1.0.1, =0.14.3, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0, =0.1.0,...

Malicious code in @antv/expr (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Authentication Bypass

Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...

ROOT-APP-GOBINARY-CVE-2025-68156 CVE-2025-68156 in rootio-github.com/expr-lang/expr - Patched by Root

Root has patched CVE-2025-68156 in the rootio-github.com/expr-lang/expr package for Root:Go. Multiple fixed versions available...

CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

Exploit for Use After Free in Linux Linux_Kernel

CVE-2022-32250-Linux-Kernel-LPE Demo Video https://www.yo...

CVE-2026-35378

A flaw was found in the expr utility of uutils coreutils. A logic error in how the utility evaluates parenthesized subexpressions prevents proper short-circuiting for logical OR and AND operations. This can lead to arithmetic errors, such as division by zero, in parts of expressions that should b...

EUVD-2026-25032

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

PT-2026-34514

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a logical error in the expr function. This error causes the subexpressions within parentheses to be evaluated during the parsing phase rather...

Linux Distros Unpatched Vulnerability : CVE-2026-35378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the...

Security Bulletin: Expr Built-in Functions Recursion DoS Vulnerability (Fixed in v1.17.7) affects watsonx.data

Summary Expr prior to v1.17.7 is vulnerable to a Denial-of-Service DoS due to unbounded recursion in certain built-in functions, which can cause stack overflow and application crashes when processing deeply nested or cyclic data. Fixed in v1.17.7. This can affect watsonx.data. Vulnerability Detai...

SUSE CVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...

EUVD-2026-17160

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...

ALPINE-CVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...