CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-35
CVEs mapped to this weakness (115)
page 4 of 6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28370 | 0.00 | — | 0.01 | Feb 27, 2026 | In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and… | |||
| CVE-2026-27493 | 0.00 | — | 0.01 | Feb 25, 2026 | n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by… | |||
| CVE-2026-27702 | 0.00 | — | 0.00 | Feb 25, 2026 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows any authenticated user (including free tier accounts) to execute arbitrary… | |||
| CVE-2026-1470 | 0.00 | — | 0.18 | Jan 27, 2026 | n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the… | |||
| CVE-2025-66474 | 0.00 | — | 0.01 | Dec 10, 2025 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against… | |||
| CVE-2025-64496 | 0.00 | — | 0.08 | Nov 8, 2025 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in… | |||
| CVE-2024-49048 | — | 0.00 | — | 0.01 | Nov 12, 2024 | TorchGeo Remote Code Execution Vulnerability | ||
| CVE-2024-48050 | — | 0.00 | — | 0.01 | Nov 4, 2024 | In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands. | ||
| CVE-2024-46946 | 0.00 | — | 0.01 | Sep 19, 2024 | langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6… | |||
| CVE-2024-45851 | 0.00 | — | 0.01 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item… | |||
| CVE-2024-45850 | 0.00 | — | 0.01 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site… | |||
| CVE-2024-45849 | 0.00 | — | 0.01 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list… | |||
| CVE-2024-45848 | 0.00 | — | 0.01 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the… | |||
| CVE-2024-45847 | 0.00 | — | 0.01 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the… | |||
| CVE-2024-45846 | 0.00 | — | 0.02 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with… | |||
| CVE-2024-27321 | 0.00 | — | 0.00 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file… | |||
| CVE-2024-27320 | 0.00 | — | 0.00 | Sep 12, 2024 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing… | |||
| CVE-2024-37901 | 0.00 | — | 0.01 | Jul 31, 2024 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to… | |||
| CVE-2024-32649 | 0.00 | — | 0.00 | Apr 25, 2024 | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin… | |||
| CVE-2024-32647 | 0.00 | — | 0.00 | Apr 25, 2024 | Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the… |
- CVE-2026-28370Feb 27, 2026risk 0.00cvss —epss 0.01
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and…
- CVE-2026-27493Feb 25, 2026risk 0.00cvss —epss 0.01
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by…
- CVE-2026-27702Feb 25, 2026risk 0.00cvss —epss 0.00
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows any authenticated user (including free tier accounts) to execute arbitrary…
- CVE-2026-1470Jan 27, 2026risk 0.00cvss —epss 0.18
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the…
- CVE-2025-66474Dec 10, 2025risk 0.00cvss —epss 0.01
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against…
- CVE-2025-64496Nov 8, 2025risk 0.00cvss —epss 0.08
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in…
- CVE-2024-49048Nov 12, 2024risk 0.00cvss —epss 0.01
TorchGeo Remote Code Execution Vulnerability
- CVE-2024-48050Nov 4, 2024risk 0.00cvss —epss 0.01
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.
- CVE-2024-46946Sep 19, 2024risk 0.00cvss —epss 0.01
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6…
- CVE-2024-45851Sep 12, 2024risk 0.00cvss —epss 0.01
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item…
- CVE-2024-45850Sep 12, 2024risk 0.00cvss —epss 0.01
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site…
- CVE-2024-45849Sep 12, 2024risk 0.00cvss —epss 0.01
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list…
- CVE-2024-45848Sep 12, 2024risk 0.00cvss —epss 0.01
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the…
- CVE-2024-45847Sep 12, 2024risk 0.00cvss —epss 0.01
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the…
- CVE-2024-45846Sep 12, 2024risk 0.00cvss —epss 0.02
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with…
- CVE-2024-27321Sep 12, 2024risk 0.00cvss —epss 0.00
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file…
- CVE-2024-27320Sep 12, 2024risk 0.00cvss —epss 0.00
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing…
- CVE-2024-37901Jul 31, 2024risk 0.00cvss —epss 0.01
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to…
- CVE-2024-32649Apr 25, 2024risk 0.00cvss —epss 0.00
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the `build_IR` function of the `sqrt` builtin…
- CVE-2024-32647Apr 25, 2024risk 0.00cvss —epss 0.00
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the…