CWE-95— Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").— MITRE CWE catalog
140 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-95page 3 of 3
- CVE-2025-65530HIGHCVSS 8.8EG 8.82025-12-12
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.
- CVE-2025-66474HIGHCVSS 8.8EG 8.82025-12-10
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 ha…
- CVE-2025-68271CRITICALCVSS 10.0EG 10.02026-01-13
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-…
- CVE-2025-71361HIGHCVSS 8.1EG 8.12025-08-26
picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files that execute arbitrary code when loaded via…
- CVE-2025-8420HIGHCVSS 8.1EG 8.12025-08-06
Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly va…
- CVE-2026-0769CRITICALCVSS 9.8EG 9.82026-01-23
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit t…
- CVE-2026-0863HIGHCVSS 8.5EG 8.52026-01-18
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via t…
- CVE-2026-11422HIGHCVSS 7.1EG 7.12026-06-05
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenc…
- CVE-2026-14380HIGHCVSS 8.8EG 8.82026-07-07
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package…
- CVE-2026-1470CRITICALCVSS 9.9EG 9.92026-01-27
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not …
- CVE-2026-1665MEDIUMCVSS 5.4EG 5.42026-01-29
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget co…
- CVE-2026-22666HIGHCVSS 7.2EG 7.22026-04-07
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callab…
- CVE-2026-23885MEDIUMCVSS 6.4EG 6.42026-01-19
Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engi…
- CVE-2026-24474MEDIUMCVSS 5.3EG 5.32026-01-24
Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied. Commit 41…
- CVE-2026-29091HIGHCVSS 8.1EG 8.12026-03-06
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array fu…
- CVE-2026-31254HIGHCVSS 7.3EG 7.32026-05-11
The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python eval() function as a Hydra configuration…
- CVE-2026-33017CRITICALCVSS 9.8EG 9.8⚠ KEV2026-03-20
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the op…
- CVE-2026-33618HIGHCVSS 8.8EG 8.82026-04-10
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via…
- CVE-2026-35002CRITICALCVSS 9.8EG 9.82026-04-02
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers ca…
- CVE-2026-39423MEDIUMCVSS 5.4EG 5.42026-04-14
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitr…
- CVE-2026-4001CRITICALCVSS 9.8EG 9.82026-03-24
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within include…
- CVE-2026-40316HIGHCVSS 8.8EG 8.82026-04-15
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. …
- CVE-2026-42079HIGHCVSS 8.6EG 8.62026-05-04
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched …
- CVE-2026-42603HIGHCVSS 8.8EG 8.82026-05-11
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_target (privileged trigger) but checks out…
- CVE-2026-44128CRITICALCVSS 9.3EG 9.32026-05-08
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.
- CVE-2026-44643CRITICALCVSS 10.0EG 10.02026-05-11
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. …
- CVE-2026-44939CRITICALCVSS 9.4EG 9.42026-06-19
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g.…
- CVE-2026-45406HIGHCVSS 8.8EG 8.82026-06-26
Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted sh…
- CVE-2026-46586HIGHCVSS 8.8EG 7.32026-05-19
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are …
- CVE-2026-47103CRITICALCVSS 9.8EG 9.82026-06-17
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted `<data expr="...">` attributes evaluat…
- CVE-2026-47167MEDIUMCVSS 5.3EG 5.32026-06-11
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-defin…
- CVE-2026-4837HIGHCVSS 7.2EG 6.62026-04-08
An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TL…
- CVE-2026-48962HIGHCVSS 7.3EG 7.32026-05-27
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parse…
- CVE-2026-50733HIGHCVSS 8.8EG 8.82026-06-05
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and present…
- CVE-2026-52858HIGHCVSS 7.8EG 7.82026-06-11
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +pyth…
- CVE-2026-53875HIGHCVSS 7.1EG 7.12026-06-17
picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payload…
- CVE-2026-5971HIGHCVSS 7.3EG 7.32026-04-09
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improp…
- CVE-2026-6652MEDIUMCVSS 4.7EG 4.72026-04-20
A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutrali…
- CVE-2026-6878MEDIUMCVSS 5.6EG 5.62026-04-23
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of …
- CVE-2026-8914HIGHCVSS 8.4EG 8.42026-06-05
In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user …
Map vulnerabilities like CWE-95 to your infrastructure
EchelonGraph correlates every CVE — across CWE-95 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →