Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

NVD
NVDadded yesterday20 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS0.00454EPSS
Exploits0References3
OSV
OSVadded 2025/11/05 3:30 a.m.1 views

GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

8.6CVSS7.4AI score0.02152EPSS
Exploits0References11
Github Security Blog
Github Security Blogadded 2025/11/05 3:30 a.m.10 views

expr-eval does not restrict functions passed to the evaluate function

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...

9.8CVSS7.9AI score0.02152EPSS
Exploits0References12Affected Software2
OSV
OSVadded 2025/11/05 1:15 a.m.3 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

9.8CVSS7.9AI score
Exploits0References9
Vulnrichment
Vulnrichmentadded 2025/11/05 12:22 a.m.2 views

CVE-2025-12735 CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

7.9AI score0.02152EPSS
Exploits0References7
Rows per page
Query Builder