safe vulnerabilities and exploits
10
CVSSv2
CVE-2017-16088
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
Safe-eval Project Safe-eval 0.3.0
Safe-eval Project Safe-eval 0.0.0
Safe-eval Project Safe-eval 0.2.0
Safe-eval Project Safe-eval 0.1.0
2 Github repositories
7.5
CVSSv2
CVE-2010-1168
The Safe (aka Safe.pm) module prior to 2.25 for Perl allows context-dependent malicious users to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed ob...
Rafael Garcia-suarez Safe 2.08
Rafael Garcia-suarez Safe 2.17
Rafael Garcia-suarez Safe 2.18
Rafael Garcia-suarez Safe 2.15
Rafael Garcia-suarez Safe 2.16
Rafael Garcia-suarez Safe 2.23
Rafael Garcia-suarez Safe 2.24
Rafael Garcia-suarez Safe 2.13
Rafael Garcia-suarez Safe 2.14
Rafael Garcia-suarez Safe 2.21
Rafael Garcia-suarez Safe 2.22
Rafael Garcia-suarez Safe 2.09
Rafael Garcia-suarez Safe 2.11
Rafael Garcia-suarez Safe 2.19
Rafael Garcia-suarez Safe 2.20
4.3
CVSSv2
CVE-2020-22789
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote malicious user to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Safe Fme Server 2019.0
Safe Fme Server 2019.1
Safe Fme Server 2019.2
Safe Fme Server 2020.0
3.5
CVSSv2
CVE-2020-22790
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote malicious user to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs.
Safe Fme Server 2019.0
Safe Fme Server 2019.1
Safe Fme Server 2019.2
Safe Fme Server 2020.0
NA
CVE-2023-26121
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.
Safe-eval Project Safe-eval
1 Github repository
NA
CVE-2023-26122
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). **Vulnerable funct...
Safe-eval Project Safe-eval
1 Github repository
7.5
CVSSv2
CVE-2022-28481
CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.
Csv-safe Project Csv-safe
7.5
CVSSv2
CVE-2021-25927
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 up to and including 2.0.1 allows a malicious user to cause a denial of service and may lead to remote code execution.
Safe-flat Project Safe-flat
NA
CVE-2022-25904
All versions of package safe-eval are vulnerable to Prototype Pollution which allows a malicious user to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading a malicious user to mod...
Safe-eval Project Safe-eval
7.5
CVSSv2
CVE-2020-7710
This affects all versions of package safe-eval. It is possible for a malicious user to run an arbitrary command on the host machine.
Safe-eval Project Safe-eval