VYPR

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Variant · Incomplete · Likelihood: Medium

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-35

CVEs mapped to this weakness (115)

page 3 of 6
  • CVE-2026-4837 · Med · Apr 8, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS (mTLS) to verify commands from the…

  • CVE-2026-48962 · High · May 27, 2026
    risk 0.40 · cvss 7.3 · epss 0.00

    IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the…

  • CVE-2026-22666 · High · Apr 7, 2026
    risk 0.40 · cvss 7.2 · epss 0.16

    Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator…

  • CVE-2026-11422 · High · Jun 5, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown…

  • CVE-2026-6878 · Med · Apr 23, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The…

  • CVE-2025-15551 · Med · Feb 5, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack…

  • CVE-2025-6101 · Med · Jun 16, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in…

  • CVE-2026-1665 · Med · Jan 29, 2026
    risk 0.35 · cvss (not listed) · epss 0.01

    A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the…

  • CVE-2026-23885 · Med · Jan 19, 2026
    risk 0.35 · cvss 6.4 · epss 0.00

    Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribute in…

  • CVE-2026-24474 · Med · Jan 24, 2026
    risk 0.34 · cvss (not listed) · epss 0.00

    Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a…

  • CVE-2025-47271 · Med · May 12, 2025
    risk 0.34 · cvss (not listed) · epss 0.00

    The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch…

  • CVE-2026-6652 · Med · Apr 20, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically…

  • CVE-2026-39423 · Med · Apr 14, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other…

  • CVE-2026-47167 · Med · Jun 11, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patterns read from .rb files under…

  • CVE-2025-49598 · Med · Jun 13, 2025
    risk 0.22 · cvss (not listed) · epss 0.00

    conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An…

  • CVE-2025-24893 · KEV · Feb 20, 2025
    risk 0.16 · cvss (not listed) · epss 1.00

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki…

  • CVE-2024-36401 · KEV · Jul 1, 2024
    risk 0.16 · cvss (not listed) · epss 1.00

    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a…

  • CVE-2022-40871 · Oct 12, 2022
    risk 0.04 · cvss (not listed) · epss 0.33

    Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

  • CVE-2026-47103 · Jun 17, 2026
    risk 0.00 · cvss (not listed) · epss 0.01

    Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted `` attributes evaluated unsafely. The SCXMLProcessor passes…

  • CVE-2026-29091 · Mar 6, 2026
    risk 0.00 · cvss (not listed) · epss 0.01

    Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability…