200 matches found
CVE-2026-12866
A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...
CVE-2026-12866
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
CVE-2026-12866
The CVE-2026-12866 entry concerns the npm package expr-eval. Affected versions are vulnerable to Code Execution via the toJSFunction() API, where user-supplied expressions are transformed into executable JavaScript with new Function(), allowing an attacker to escape the sandbox and run arbitrary ...
PT-2026-51474
Name of the Vulnerable Software and Affected Versions: expr-eval (affected versions not specified). Description: Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...
ROOT-APP-GOBINARY-CVE-2025-68156 CVE-2025-68156 in rootio-github.com/expr-lang/expr - Patched by Root
Root has patched CVE-2025-68156 in the rootio-github.com/expr-lang/expr package for Root:Go. Multiple fixed versions available...
JLSEC-2026-592
An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post in libyasm/expr.c...
ROOT-APP-NPM-CVE-2025-12735 CVE-2025-12735 in @rootio/expr-eval - Patched by Root
Root has patched CVE-2025-12735 in the @rootio/expr-eval package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-13204 CVE-2025-13204 in @rootio/expr-eval - Patched by Root
Root has patched CVE-2025-13204 in the @rootio/expr-eval package for Root:npm. Multiple fixed versions available...
Malicious code in @antv/expr (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +250 more potentially affected by unknown CVE via @antv/expr (=1.0.2)
@antv/expr NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/expr and may be impacted: - 1byte-react-design =1.7.1, =1.0.0, =1.1.43, =1.0.1, =0.14.3, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =5.1.5, =0.1.6, =0.1.0,...
Authentication Bypass
Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...
CVE-2026-24072
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2022-32250-Linux-Kernel-LPE Demo Video https://www.yo...
CVE-2026-35378
A flaw was found in the expr utility of uutils coreutils. A logic error in how the utility evaluates parenthesized subexpressions prevents proper short-circuiting for logical OR and AND operations. This can lead to arithmetic errors, such as division by zero, in parts of expressions that should b...
EUVD-2026-25032
A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...
CVE-2026-35378
A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...
CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions
A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...