Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/06/23 5:0 a.m.57 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS0.00469EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51474

Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...

9.8CVSS6.2AI score0.00469EPSS
Exploits0References14
vulnersOsv
vulnersOsv
added 2025/11/14 6:31 p.m.7 views

10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1277 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)

expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.1, =0.4.2, =0.2.3, =0.2.4 - @activepieces/piece-apitable =0.1.5 and more Source cves: CVE-2025-13204 Source advisory: OSV:GHSA-8GW3-RXH4-V6JX...

7.3CVSS5.7AI score0.00459EPSS
Exploits1
Cvelist
Cvelist
added 2025/11/14 5:2 p.m.11 views

CVE-2025-13204 CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

0.00459EPSS
Exploits1References7
OSV
OSV
added 2025/11/14 5:2 p.m.5 views

CVE-2025-13204 CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

7.3CVSS6.1AI score0.00459EPSS
Exploits1References9
CERT
CERT
added 2025/11/07 12:0 a.m.9 views

Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution

Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...

9.8CVSS7.8AI score0.02285EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2025/11/05 3:30 a.m.14 views

10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1277 more potentially affected by CVE-2025-12735 via expr-eval (>=0.12.0 <=2.0.2)

expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.1, =0.4.2, =0.2.3, =0.2.4 - @activepieces/piece-apitable =0.1.5 and more Source cves: CVE-2025-12735 Source advisory: OSV:GHSA-JC85-FPWF-QM7X...

9.8CVSS7.4AI score0.02285EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/18 1:2 p.m.11 views

10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1277 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)

expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.1, =0.4.2, =0.2.3, =0.2.4 - @activepieces/piece-apitable =0.1.5 and more Source cves: CVE-2025-13204 Source advisory: SNYK:JS-EXPREVAL-13508636...

7.3CVSS5.7AI score0.00459EPSS
Exploits1
Rows per page
Query Builder