VYPR

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Variant · Incomplete · Likelihood: Medium

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-35

CVEs mapped to this weakness (115)

page 1 of 6
  • CVE-2026-33017 · Critical · KEV · Mar 20, 2026
    risk 0.77 · cvss 9.8 · epss 0.98

    Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the…

  • CVE-2013-10070 · Critical · Aug 5, 2025
    risk 0.74 · epss 0.01

    PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in…

  • CVE-2024-7954 · Critical · Aug 23, 2024
    risk 0.74 · cvss 9.8 · epss 0.90

    The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.

  • CVE-2025-0868 · Critical · Feb 20, 2025
    risk 0.65 · epss 0.15

    A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval(), an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from…

  • CVE-2026-4851 · Critical · Mar 29, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host…

  • CVE-2026-4001 · Critical · Mar 24, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to…

  • CVE-2025-55346 · Critical · Aug 14, 2025
    risk 0.64 · cvss 9.8 · epss 0.17

    User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.

  • CVE-2025-49013 · Critical · Jun 9, 2025
    risk 0.64 · cvss 9.9 · epss 0.01

    WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user controlled variables directly inside shell…

  • CVE-2024-39173 · Critical · Jul 18, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field.

  • CVE-2024-36404 · Critical · Jul 2, 2024
    risk 0.63 · cvss 9.8 · epss 0.75

    GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions…

  • CVE-2026-44128 · Critical · May 8, 2026
    risk 0.60 · epss 0.01

    SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

  • CVE-2025-12140 · Critical · Nov 27, 2025
    risk 0.60 · epss 0.00

    The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary…

  • CVE-2011-10033 · Critical · Oct 15, 2025
    risk 0.60 · epss 0.00

    The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can…

  • CVE-2026-44179 · Critical · Jun 22, 2026
    risk 0.59

    Summary: The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code…

  • CVE-2026-46562 · Critical · May 27, 2026
    risk 0.59 · epss 0.01

    Remote Code Execution via Mission Database algorithm override. Summary: The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase`…

  • CVE-2026-44643 · Critical · May 11, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

  • CVE-2026-28505 · Critical · Mar 30, 2026
    risk 0.58 · cvss 10.0 · epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py implements a sandboxed eval() for notification text templates. The sandbox attempts to restrict callable names by inspecting…

  • CVE-2025-68271 · Critical · Jan 13, 2026
    risk 0.58 · cvss 10.0 · epss 0.01

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses…

  • CVE-2026-50733 · High · Jun 5, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presentation mode plus HTML export (the bundled…

  • CVE-2026-46586 · High · May 19, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version…