Lucene search
K

799 matches found

Nuclei
Nuclei
added 4 hours ago68 views

PrestaShop - SQL Injection to Eval Injection

PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...

9.8CVSS7AI score0.0517EPSS
Exploits2References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-521 amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

9.8CVSS6.5AI score0.00808EPSS
Exploits1References8
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-256 Agno is vulnerable to Eval Injection

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.3CVSS6.7AI score0.00852EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.9 views

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/18 2:28 p.m.7 views

GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/18 2:28 p.m.4 views

Eval Injection

Overview python-statemachine is a Python Finite State Machines made easy. Affected versions of this package are vulnerable to Eval Injection via the SCXMLProcessor.parsescxmlfile process. An attacker can execute arbitrary code in the context of the hosting process by supplying a crafted SCXML...

9.8CVSS6.1AI score0.01188EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/06/10 7:46 a.m.61 views

Exploit for CVE-2026-48962

Summary An eval injection vulnerability in File::GlobMappe...

7.3CVSS6.4AI score0.00292EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39423

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

6.9CVSS5.8AI score0.00173EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/03 5:6 p.m.112 views

Exploit for Eval Injection in Geoserver

CVE-2024-36401 — Unauthenticated RCE in GeoServer !CVEhttp...

9.8CVSS7.6AI score0.99813EPSS
Exploits25
Github Security Blog
Github Security Blog
added 2026/05/29 7:32 p.m.18 views

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

9.8CVSS6.5AI score0.00808EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/29 7:32 p.m.8 views

GHSA-29H4-R29X-HCHV amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

9.8CVSS6.5AI score0.00808EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/05/28 7:31 a.m.82 views

Typecho-GetText-eval-RCE-PoC

Typecho GetText Plural-Forms eval Remote Code Execution...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/20 7:57 p.m.11 views

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

7.8CVSS7.6AI score0.08598EPSS
Exploits3References2
NVD
NVD
added 2026/05/19 10:16 a.m.19 views

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

8.8CVSS0.0055EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:41 a.m.9 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

5.8AI score0.0055EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:41 a.m.46 views

CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

0.0055EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:41 a.m.7 views

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

5.8AI score0.0055EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:41 a.m.30 views

CVE-2026-46586

CVE-2026-46586 affects Apache OFBiz prior to 24.09.06 and is described as an Improper Control of Generation of Code (Code Injection) and Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) vulnerability. The issue enables injection/execution through Groovy code in...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/19 9:41 a.m.16 views

EUVD-2026-30876

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

7.3CVSS5.8AI score0.0055EPSS
Exploits0References1
Rows per page
Query Builder