Oh they lowered the island eval requirement for K.K. Slider, nice. It took way too long to hit level 5 before.
November 12, 2025 at 2:23 PM
Oh they lowered the island eval requirement for K.K. Slider, nice. It took way too long to hit level 5 before.
you need a psych eval
November 12, 2025 at 12:47 PM
you need a psych eval
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution (CVE-2025-12735) #appsec
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution (CVE-2025-12735)
Eyal Estrin
unread,
12:11 AM (3 minutes ago)
to
https://kb.cert.org/vuls/id/263614
https://www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/
Eyal Estrin
CISSP, CCSP, CISM, CISA, CDPSE, CCSK
Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv
Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social
groups.google.com
November 12, 2025 at 8:14 AM
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution (CVE-2025-12735) #appsec
人気のJavaScript ライブラリ「expr-eval」にリモートコード実行の致命的な脆弱性(CVE-2025-12735)
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security
人気のJavaScript ライブラリ「expr-eval」にリモートコード実行の致命的な脆弱性(CVE-2025-12735)|セキュリティと脆弱性のニュース-セキュリティ対策Lab
2025年11月8日 NPMで週80万超のダウンロードがある数式パーサ「expr-eval」に、細工した入力から任意コード実行(RCE)が可能になる致命的な脆弱性(CVE-2025-12735、CVSS 9.8)が見つかりました。CERT/CCは修正パッチを元リポジトリにプルリクエスト(PR #288)として提出していますが、現時点でマージは未定です。一方、アクティブにメンテナンスされているフォー...
rocket-boys.co.jp
November 12, 2025 at 4:07 AM
人気のJavaScript ライブラリ「expr-eval」にリモートコード実行の致命的な脆弱性(CVE-2025-12735)
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security
im reading my old psych eval papers from when i was literally 10 and
November 12, 2025 at 2:40 AM
im reading my old psych eval papers from when i was literally 10 and
Wearing this to the autism eval
November 12, 2025 at 2:10 AM
Wearing this to the autism eval
非常に人気のあるJavaScriptライブラリに懸念されるマルウェア問題の可能性
(画像クレジット:Shutterstock / BEST-BACKGROUNDS) expr-evalのCVE-2025-12735は、不正な入力評価によるリモートコード実行を許します 脆弱なバージョンは2.0.2以下;2.0.3で修正、expr-eval-fork 3.0.0でフォーク 開発者は変数をサニタイズし、evaluate()呼び出しで信頼できない入力を避けるべきです 広く採用されているJavaScriptライブラリに、攻撃者がリモートで悪意のあるコードを実行できる重大な脆弱性が発見されました。…
(画像クレジット:Shutterstock / BEST-BACKGROUNDS) expr-evalのCVE-2025-12735は、不正な入力評価によるリモートコード実行を許します 脆弱なバージョンは2.0.2以下;2.0.3で修正、expr-eval-fork 3.0.0でフォーク 開発者は変数をサニタイズし、evaluate()呼び出しで信頼できない入力を避けるべきです 広く採用されているJavaScriptライブラリに、攻撃者がリモートで悪意のあるコードを実行できる重大な脆弱性が発見されました。…
非常に人気のあるJavaScriptライブラリに懸念されるマルウェア問題の可能性
(画像クレジット:Shutterstock / BEST-BACKGROUNDS) expr-evalのCVE-2025-12735は、不正な入力評価によるリモートコード実行を許します 脆弱なバージョンは2.0.2以下;2.0.3で修正、expr-eval-fork 3.0.0でフォーク 開発者は変数をサニタイズし、evaluate()呼び出しで信頼できない入力を避けるべきです 広く採用されているJavaScriptライブラリに、攻撃者がリモートで悪意のあるコードを実行できる重大な脆弱性が発見されました。 セキュリティ研究者のJangwoo Choe氏は、expr-evalというNPMで週80万回以上ダウンロードされているライブラリに「不十分な入力検証」バグを発見しました。このライブラリは、文字列から数式を解析・評価し、開発者がユーザー入力の数式を安全に計算できるようにします。一般的に、このスクリプトはウェブアプリの電卓、データ分析ツール、式ベースのロジックなどで使用されています。 この脆弱性には9.8/10(クリティカル)の深刻度スコアが与えられ、CVE-2025-12735として追跡されています。CERT/CCや業界のトラッカーは、このバグを高い影響度と分類しており、「リモートから悪用可能で、権限やユーザー操作を必要とせず、機密性・完全性・可用性のすべてを侵害される可能性がある」としています。 修正と緩和策 「この機能は、悪意のあるコードを注入し、システムレベルのコマンドを実行、機密性の高いローカルリソースへのアクセスやデータの流出を引き起こす可能性があります」とCERTの勧告は述べています。「この問題はプルリクエスト#288で修正されました。」 この問題の根本原因は、ライブラリが関数オブジェクトやその他の危険な値を評価コンテキストに許可していることにあり、攻撃者が変数オブジェクトに影響を与えられる場合、サンドボックスを抜け出して任意のJavaScriptを実行する関数を渡すことができます。 2.0.2までのすべてのバージョンが脆弱とされており、2.0.3以降で修正されています。 ユーザーは、積極的にメンテナンスされているフォーク版expr-eval-fork(バージョン3.0.0)に移行することでリスクを軽減できます。また、ユーザーが提供した、または信頼できない入力に対してevaluate()を呼び出しているアプリのユーザーは、直ちに信頼できないデータの入力をやめ、変数オブジェクトをラップまたはサニタイズして、関数やプロトタイプの改変フィールドが注入されないようにすべきです。 このライブラリは広く人気があります。npmjs.comによると、現在250以上のプロジェクトで使用されています。 出典:BleepingComputer GoogleニュースでTechRadarをフォローし、 お気に入りの情報源に追加して、私たちの専門ニュース、レビュー、意見をフィードで受け取りましょう。フォローボタンをクリックするのをお忘れなく! もちろん、TikTokでTechRadarをフォローして、ニュース、レビュー、開封動画などを動画でチェックし、WhatsAppでも定期的に最新情報を受け取れます。 翻訳元:
blackhatnews.tokyo
November 12, 2025 at 1:51 AM
非常に人気のあるJavaScriptライブラリに懸念されるマルウェア問題の可能性
(画像クレジット:Shutterstock / BEST-BACKGROUNDS) expr-evalのCVE-2025-12735は、不正な入力評価によるリモートコード実行を許します 脆弱なバージョンは2.0.2以下;2.0.3で修正、expr-eval-fork 3.0.0でフォーク 開発者は変数をサニタイズし、evaluate()呼び出しで信頼できない入力を避けるべきです 広く採用されているJavaScriptライブラリに、攻撃者がリモートで悪意のあるコードを実行できる重大な脆弱性が発見されました。…
(画像クレジット:Shutterstock / BEST-BACKGROUNDS) expr-evalのCVE-2025-12735は、不正な入力評価によるリモートコード実行を許します 脆弱なバージョンは2.0.2以下;2.0.3で修正、expr-eval-fork 3.0.0でフォーク 開発者は変数をサニタイズし、evaluate()呼び出しで信頼できない入力を避けるべきです 広く採用されているJavaScriptライブラリに、攻撃者がリモートで悪意のあるコードを実行できる重大な脆弱性が発見されました。…
Poetry is my go to example of human eval failure because studies have shown that most people like LLM poetry. The main exception is people who actually generally enjoy poetry
November 12, 2025 at 1:16 AM
Poetry is my go to example of human eval failure because studies have shown that most people like LLM poetry. The main exception is people who actually generally enjoy poetry
Popular JavaScript library expr-eval vulnerable to RCE flaw www.bleepingcomputer.com/news/securit...
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input.
www.bleepingcomputer.com
November 12, 2025 at 12:12 AM
Popular JavaScript library expr-eval vulnerable to RCE flaw www.bleepingcomputer.com/news/securit...
I'm SUPER HAPPY bc I had an AMAZING first session with my new physical therapist today.
After an eval she agreed that I was ready to START WALKING EXCERCISES using a Zimmer frame. Now I have to start slowly bc hopping on one leg is always risky but YAY, getting closer to a prosthesis bit by bit!!
After an eval she agreed that I was ready to START WALKING EXCERCISES using a Zimmer frame. Now I have to start slowly bc hopping on one leg is always risky but YAY, getting closer to a prosthesis bit by bit!!
a cartoon penguin is standing in the snow next to a penguin .
ALT: a cartoon penguin is standing in the snow next to a penguin .
media.tenor.com
November 11, 2025 at 10:42 PM
I'm SUPER HAPPY bc I had an AMAZING first session with my new physical therapist today.
After an eval she agreed that I was ready to START WALKING EXCERCISES using a Zimmer frame. Now I have to start slowly bc hopping on one leg is always risky but YAY, getting closer to a prosthesis bit by bit!!
After an eval she agreed that I was ready to START WALKING EXCERCISES using a Zimmer frame. Now I have to start slowly bc hopping on one leg is always risky but YAY, getting closer to a prosthesis bit by bit!!
They also said I need to go get an eval for ADHD, so if I'm on something for that maybe I don't need to be on Zepbound as well? I'm not really looking forward to figuring out how to pay for the diagnostic if insurance doesn't cover it
November 11, 2025 at 10:26 PM
They also said I need to go get an eval for ADHD, so if I'm on something for that maybe I don't need to be on Zepbound as well? I'm not really looking forward to figuring out how to pay for the diagnostic if insurance doesn't cover it
Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library
Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library - Cyberwarzone
Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control over hundreds of affected projects.
cyberwarzone.com
November 11, 2025 at 7:32 PM
Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library
Lucas says the views at Wyndemere are WONDERFUL. Liz is like, ok, I'm happy and excited but if he needs to get off fast-- she's there for him.
Nathan's psyche eval came back and they reviewed it #GH
Nathan's psyche eval came back and they reviewed it #GH
November 11, 2025 at 7:21 PM
Lucas says the views at Wyndemere are WONDERFUL. Liz is like, ok, I'm happy and excited but if he needs to get off fast-- she's there for him.
Nathan's psyche eval came back and they reviewed it #GH
Nathan's psyche eval came back and they reviewed it #GH
This controller was used in their eval boards and can behave outside FireWire spec. Isosyncronous packets on the firewire bus are broadcast, every device has visibility to it. Asyncronous packets however are targeted to one node in the chain. OHCI requires controllers to ignore other async packets
November 11, 2025 at 6:39 PM
This controller was used in their eval boards and can behave outside FireWire spec. Isosyncronous packets on the firewire bus are broadcast, every device has visibility to it. Asyncronous packets however are targeted to one node in the chain. OHCI requires controllers to ignore other async packets
This guy normally shows up to make a "HAI MEEGUH, HERZ A PUST UHBUT HOW EVAL NENTENDUH HAYTERZ R, PLZ RESPUND!" posts, Which is kinda appreciated but...
What the [hyperlinked blocked] is this supposed to mean? What is the correlation? What is the joke? This doesn't make people hypocritical.
What the [hyperlinked blocked] is this supposed to mean? What is the correlation? What is the joke? This doesn't make people hypocritical.
November 11, 2025 at 5:59 PM
This guy normally shows up to make a "HAI MEEGUH, HERZ A PUST UHBUT HOW EVAL NENTENDUH HAYTERZ R, PLZ RESPUND!" posts, Which is kinda appreciated but...
What the [hyperlinked blocked] is this supposed to mean? What is the correlation? What is the joke? This doesn't make people hypocritical.
What the [hyperlinked blocked] is this supposed to mean? What is the correlation? What is the joke? This doesn't make people hypocritical.
In a NORMAL society, a desperate wannabe despot calling for troops to be called on their cities would IMMEDIATELY be ousted from office & tried in court (& let's be real: they'd get psych eval, too).
But here in the Upside Down, apparently this gets.... NOTHING. 🙃
truthsocial.com/@realDonaldT...
But here in the Upside Down, apparently this gets.... NOTHING. 🙃
truthsocial.com/@realDonaldT...
November 11, 2025 at 5:55 PM
In a NORMAL society, a desperate wannabe despot calling for troops to be called on their cities would IMMEDIATELY be ousted from office & tried in court (& let's be real: they'd get psych eval, too).
But here in the Upside Down, apparently this gets.... NOTHING. 🙃
truthsocial.com/@realDonaldT...
But here in the Upside Down, apparently this gets.... NOTHING. 🙃
truthsocial.com/@realDonaldT...
It depends where you are, believe it or not. Seattle with an amazing hospital (when not cut in personnel, pay, etc)? It’s good. A South Jersey clinic the size of a 7-11? Wasn’t.
And the secret is: service-connected % is subjective based on different reviewers. It’s a tough re-eval system/hoops.
And the secret is: service-connected % is subjective based on different reviewers. It’s a tough re-eval system/hoops.
November 11, 2025 at 5:52 PM
It depends where you are, believe it or not. Seattle with an amazing hospital (when not cut in personnel, pay, etc)? It’s good. A South Jersey clinic the size of a 7-11? Wasn’t.
And the secret is: service-connected % is subjective based on different reviewers. It’s a tough re-eval system/hoops.
And the secret is: service-connected % is subjective based on different reviewers. It’s a tough re-eval system/hoops.
Who Routes LLM Routers? RouterArena Builds the Eval Foundation for LLM Routing Article URL: https://huggingface.co/blog/JerryPotter/who-routes-the-routers Comments URL: https://news.ycombinator.com/item?id=45889528 Points: 1 # Comments: 1
Interest | Match | Feed
Interest | Match | Feed
Origin
huggingface.co
November 11, 2025 at 5:23 PM
Yeah, it probably would have been a good eval if I'd actually been at work for the past five and a half months and anyone had incentive to fight for me
November 11, 2025 at 5:12 PM
Yeah, it probably would have been a good eval if I'd actually been at work for the past five and a half months and anyone had incentive to fight for me
Honestly, better an average eval for not being there than anything else.
November 11, 2025 at 5:09 PM
Honestly, better an average eval for not being there than anything else.
Who Routes LLM Routers? RouterArena Builds the Eval Foundation for LLM Routing Article URL: https://huggingface.co/blog/JerryPotter/who-routes-the-routers Comments URL: https://news.ycombinator.com...
Origin | Interest | Match
Origin | Interest | Match
Who Routes LLM Routers? RouterArena: Building the Evaluation Foundation for LLM Routing
A Blog post by Jiarong Xing on Hugging Face
huggingface.co
November 11, 2025 at 5:26 PM
By popular demand, we're covering 🎓 LLM-as-a-judge 101 🎓 in our next workshop! RSVP: luma.com/tmipn699
Learn how to design your eval from scratch -- including what to measure, which model to use, how to prompt effectively, and how to improve your eval.
Learn how to design your eval from scratch -- including what to measure, which model to use, how to prompt effectively, and how to improve your eval.
November 11, 2025 at 4:44 PM
By popular demand, we're covering 🎓 LLM-as-a-judge 101 🎓 in our next workshop! RSVP: luma.com/tmipn699
Learn how to design your eval from scratch -- including what to measure, which model to use, how to prompt effectively, and how to improve your eval.
Learn how to design your eval from scratch -- including what to measure, which model to use, how to prompt effectively, and how to improve your eval.
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
#hackernews #news
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
#hackernews #news
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
www.bleepingcomputer.com
November 11, 2025 at 4:41 PM
Popular JavaScript library expr-eval vulnerable to RCE flaw
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
#hackernews #news
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
#hackernews #news
Critical vulnerability CVE-2025-12735 found in `expr-eval` library, risking RCE in AI & NLP apps. Developers urged to update to `expr-eval-fork` v3.0.0 immediately. #CyberSecurity #AI #NLP #NPM Link: thedailytechfeed.com/critical-npm...
November 11, 2025 at 4:22 PM
Critical vulnerability CVE-2025-12735 found in `expr-eval` library, risking RCE in AI & NLP apps. Developers urged to update to `expr-eval-fork` v3.0.0 immediately. #CyberSecurity #AI #NLP #NPM Link: thedailytechfeed.com/critical-npm...
I need to schedule an eval >_>
November 11, 2025 at 3:27 PM
I need to schedule an eval >_>