799 matches found
PrestaShop - SQL Injection to Eval Injection
PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...
PYSEC-2026-521 amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...
PYSEC-2026-256 Agno is vulnerable to Eval Injection
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
python-statemachine SCXML <data expr> Eval Injection
Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...
GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection
Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...
Eval Injection
Overview python-statemachine is a Python Finite State Machines made easy. Affected versions of this package are vulnerable to Eval Injection via the SCXMLProcessor.parsescxmlfile process. An attacker can execute arbitrary code in the context of the hosting process by supplying a crafted SCXML...
Exploit for CVE-2026-48962
Summary An eval injection vulnerability in File::GlobMappe...
CVE-2026-39423
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...
Exploit for Eval Injection in Geoserver
CVE-2024-36401 — Unauthenticated RCE in GeoServer !CVEhttp...
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...
GHSA-29H4-R29X-HCHV amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...
Typecho-GetText-eval-RCE-PoC
Typecho GetText Plural-Forms eval Remote Code Execution...
CVE-2026-46586
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
Astra Linux – Vulnerability in libmodule-scandeps-perl
Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...
CVE-2026-46586
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2026-46586
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2026-46586
CVE-2026-46586 affects Apache OFBiz prior to 24.09.06 and is described as an Improper Control of Generation of Code (Code Injection) and Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) vulnerability. The issue enables injection/execution through Groovy code in...
EUVD-2026-30876
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...