An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.

CVE-2025-66474HIGHCVSS 8.8EG 8.8

2025-12-10

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 ha…

CVE-2025-68271CRITICALCVSS 10.0EG 10.0

2026-01-13

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-…

CVE-2025-8420HIGHCVSS 8.1EG 8.1

2025-08-06

Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly va…

CVE-2026-0769CRITICALCVSS 9.8EG 9.8

2026-01-23

Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit t…

CVE-2026-0863HIGHCVSS 8.5EG 8.5

2026-01-18

Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via t…

CVE-2026-1470CRITICALCVSS 9.9EG 9.9

2026-01-27

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not …

CVE-2026-1665MEDIUMCVSS 5.4EG 0.0

2026-01-29

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget co…

CVE-2026-22666HIGHCVSS 7.2EG 7.2

2026-04-07

Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callab…

CVE-2026-23885MEDIUMCVSS 6.4EG 6.4

2026-01-19

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engi…

CVE-2026-24474MEDIUMCVSS 5.3EG 0.0

2026-01-24

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied. Commit 41…

CVE-2026-31254HIGHCVSS 7.3EG 7.3

2026-05-11

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python eval() function as a Hydra configuration…

CVE-2026-33017CRITICALCVSS 9.8EG 9.8⚠ KEV

2026-03-20

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the op…

CVE-2026-33618HIGHCVSS 8.8EG 8.8

2026-04-10

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via…

CVE-2026-35002CRITICALCVSS 9.8EG 9.8

2026-04-02

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers ca…

CVE-2026-39423MEDIUMCVSS 5.4EG 5.4

2026-04-14

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitr…

CVE-2026-40316HIGHCVSS 8.8EG 8.8

2026-04-15

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. …

CVE-2026-42079HIGHCVSS 8.6EG 8.6

2026-05-04

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched …

CVE-2026-42603HIGHCVSS 8.8EG 8.8

2026-05-11

OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out…

CVE-2026-44128CRITICALCVSS 9.3EG 9.3

2026-05-08

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

CVE-2026-44643CRITICALCVSS 10.0EG 10.0

2026-05-11

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. …

CVE-2026-46586HIGHCVSS 8.8EG 7.3

2026-05-19

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are …

CVE-2026-4837MEDIUMCVSS 6.6EG 6.6

2026-04-08

An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TL…

CVE-2026-48962HIGHCVSS 7.3EG 7.3

2026-05-27

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parse…

CVE-2026-5971HIGHCVSS 7.3EG 7.3

2026-04-09

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improp…

CVE-2026-6652MEDIUMCVSS 4.7EG 4.7

2026-04-20

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutrali…

CVE-2026-6878MEDIUMCVSS 5.6EG 5.6

2026-04-23

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of …

CWE-95— Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)

CVEs classified under CWE-95page 3 of 3

Map vulnerabilities like CWE-95 to your infrastructure