
59100 matches found

OSV
added 2025/11/05 1:15 a.m. | 4 views

CVE-2025-12735

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...

CVSS: 9.8 | AI score: 7.9
Exploits: 0 | References: 9
Snyk
added 2025/11/05 12:52 a.m. | 3 views

Prototype Pollution

Overview: expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.02199
Exploits: 0 | References: 3
Snyk
added 2025/11/05 12:52 a.m. | 4 views

Prototype Pollution

Overview: expr-eval is a Mathematical expression evaluator. Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access (IMEMBER) and user-defined functions (IFUNDEF) in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.02199
Exploits: 0 | References: 3
CVE
added 2025/11/05 12:22 a.m. | 457 views

CVE-2025-12735

Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.02199
Exploits: 0 | References: 9 | Affected Software: 2
FreeBSD
added 2025/11/05 12:00 a.m. | 5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 5 security fixes: [443906252] High CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous on 2025-09-09. [447172715] High CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz on 2025-09-25. [454485895] High...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00238
Exploits: 0 | References: 1
CNNVD
added 2025/11/05 12:00 a.m. | 3 views

JavaScript Expression Evaluator security vulnerability

JavaScript Expression Evaluator is a math calculator by individual developer Matthew Crumley. A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.02199
Exploits: 0 | References: 8
Positive Technologies
added 2025/11/05 12:00 a.m. | 7 views

PT-2025-45160

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: A reflected cross-site scripting (XSS) issue exists in the management console of multiple WSO2 products because of improper output encoding. A malicious actor can inject arbitrary...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00159
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/05 12:00 a.m. | 7 views

PT-2025-45116

Name of the Vulnerable Software and Affected Versions: OctoPrint versions 1.11.3 and below. Description: OctoPrint, a web interface for controlling 3D printers, is affected by an issue that allows the injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups. An...

CVSS: 4.6 | AI score: 6.9 | EPSS: 0.00133
Exploits: 0 | References: 8
Positive Technologies
added 2025/11/05 12:00 a.m. | 3 views

PT-2025-45064

Name of the Vulnerable Software and Affected Versions: expr-eval versions prior to 3.0.0; expr-eval-fork versions prior to 3.0.0. Description: The expr-eval library, a JavaScript expression parser and evaluator, is susceptible to remote code execution (RCE). This issue stems from inadequate input...

CVSS: 10 | AI score: 8.3 | EPSS: 0.02199
Exploits: 0 | References: 44
OSV
added 2025/11/04 6:39 p.m. | 5 views

GHSA-4766-X535-JW3R kgateway is missing xDS authorization

Summary: The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00165
Exploits: 0 | References: 6
NVD
added 2025/11/04 2:15 p.m. | 16 views

CVE-2025-12682

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

CVSS: 9.8 | EPSS: 0.00542
Exploits: 0 | References: 2
Cvelist
added 2025/11/04 1:47 p.m. | 9 views

CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

CVSS: 9.8 | EPSS: 0.00542
Exploits: 0 | References: 2
EUVD
added 2025/11/04 1:47 p.m. | 14 views

EUVD-2025-37740

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00542
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/04 1:47 p.m. | 3 views

CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00542
Exploits: 0 | References: 2
CVE
added 2025/11/04 1:47 p.m. | 25 views

CVE-2025-12682

CVE-2025-12682 concerns the WordPress plugin Easy Upload Files During Checkout. The vulnerability is an unauthenticated arbitrary JavaScript file upload caused by missing file type validation in the file_during_checkout function, affecting all versions up to and including 2.9.8. The issue can ena...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00542
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/04 12:53 a.m. | 18 views

CVE-2025-60503

A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00334
Exploits: 3 | References: 1
Positive Technologies
added 2025/11/04 12:00 a.m. | 4 views

PT-2025-45011

Name of the Vulnerable Software and Affected Versions: Easy Upload Files During Checkout plugin for WordPress versions prior to 2.9.9. Description: The Easy Upload Files During Checkout plugin for WordPress is susceptible to arbitrary JavaScript file uploads because of a lack of file type validation...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.00542
Exploits: 0 | References: 5
Cvelist
added 2025/11/04 12:00 a.m. | 9 views

CVE-2025-61431

A reflected cross-site scripting (XSS) vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into the...

EPSS: 0.00164
Exploits: 0 | References: 2
CVE
added 2025/11/04 12:00 a.m. | 13 views

CVE-2025-61431

CVE-2025-61431 is a reflected XSS in Zucchetti ZMaintenance Infinity (and Infinity Zucchetti) up to v4.1. The flaw arises from unvalidated input delivered to the /jsp/gsfr_feditorHTML.jsp endpoint, allowing an attacker to inject crafted payload into the pHtmlSource parameter and execute arbitrary...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00164
Exploits: 0 | References: 2 | Affected Software: 2
CNNVD
added 2025/11/04 12:00 a.m. | 3 views

WordPress plugin Easy Upload Files During Checkout code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... A code issue...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00542
Exploits: 0 | References: 3