59100 matches found
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
Prototype Pollution
Overview expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute...
Prototype Pollution
Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...
CVE-2025-12735
Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 443906252 High CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous on 2025-09-09 447172715 High CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz on 2025-09-25 454485895 High...
JavaScript Expression Evaluator 安全漏洞
JavaScript Expression Evaluator is a math calculator by Matthew Crumley Personal Developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...
PT-2025-45160
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the management console of multiple WSO2 products because of improper output encoding. A malicious actor can inject arbitrary...
PT-2025-45116
Name of the Vulnerable Software and Affected Versions OctoPrint versions 1.11.3 and below Description OctoPrint, a web interface for controlling 3D printers, is affected by an issue that allows the injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups. An...
PT-2025-45064
Name of the Vulnerable Software and Affected Versions expr-eval versions prior to 3.0.0 expr-eval-fork versions prior to 3.0.0 Description The expr-eval library, a JavaScript expression parser and evaluator, is susceptible to remote code execution RCE. This issue stems from inadequate input...
GHSA-4766-X535-JW3R kgateway is missing xDS authorization
Summary The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...
CVE-2025-12682
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
EUVD-2025-37740
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
CVE-2025-12682
CVE-2025-12682 concerns the WordPress plugin Easy Upload Files During Checkout. The vulnerability is an unauthenticated arbitrary JavaScript file upload caused by missing file type validation in the file_during_checkout function, affecting all versions up to and including 2.9.8. The issue can ena...
CVE-2025-60503
A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
PT-2025-45011
Name of the Vulnerable Software and Affected Versions Easy Upload Files During Checkout plugin for WordPress versions prior to 2.9.9 Description The Easy Upload Files During Checkout plugin for WordPress is susceptible to arbitrary JavaScript file uploads because of a lack of file type validation...
CVE-2025-61431
A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...
CVE-2025-61431
CVE-2025-61431 is a reflected XSS in Zucchetti ZMaintenance Infinity (and Infinity Zucchetti) up to v4.1. The flaw arises from unvalidated input delivered to the /jsp/gsfr_feditorHTML.jsp endpoint, allowing an attacker to inject crafted payload into the pHtmlSource parameter and execute arbitrary...
WordPress plugin Easy Upload Files During Checkout 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A code issue...