Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 3:37 p.m.5 views

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

9.8CVSS6.6AI score0.00469EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 5:17 a.m.30 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS0.00469EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 5:0 a.m.23 views

CVE-2026-12866

The CVE-2026-12866 entry concerns the npm package expr-eval. Affected versions are vulnerable to Code Execution via the toJSFunction() API, where user-supplied expressions are transformed into executable JavaScript with new Function(), allowing an attacker to escape the sandbox and run arbitrary ...

9.8CVSS6.3AI score0.00469EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/23 5:0 a.m.4 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS6.3AI score0.00469EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 5:0 a.m.14 views

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

9.8CVSS6.3AI score0.00469EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51474

Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...

9.8CVSS6.2AI score0.00469EPSS
Exploits0References14
Snyk
Snyk
added 2026/01/20 8:2 a.m.6 views

Code Execution

Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because...

9.8CVSS6.3AI score0.00469EPSS
Exploits0References3
Rows per page
Query Builder