Lucene search
+L

803 matches found

CVE
CVE
added 2026/04/14 12:28 a.m.28 views

CVE-2026-39423

Summary (CVE-2026-39423) MaxKB (enterprise open‑source) × affected version: 2.7.1 and earlier. A vulnerability in the Markdown rendering engine enables an Eval Injection that lets any user in the AI chat interface execute arbitrary JavaScript in other users’ browsers, including administrators, le...

6.9CVSS6.1AI score0.00173EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.13 views

PT-2026-32577

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

6.9CVSS6.1AI score0.00173EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.6 views

CVE-2026-4837

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

7.2CVSS6.5AI score0.0041EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/11 5:35 a.m.11 views

Eval Injection

Agno is vulnerable to Eval Injection. The vulnerability is due to unsafe use of eval on the fieldtype parameter without proper validation, which allows an attacker to execute arbitrary Python code by manipulating input...

9.8CVSS5.8AI score0.00852EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 6:31 p.m.4 views

GHSA-3GHP-8R47-4GJ4 FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

7.3CVSS6.7AI score0.00387EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/09 6:31 p.m.9 views

FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS6.7AI score0.00387EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2026/04/08 5:21 p.m.5 views

CVE-2026-4837

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

7.2CVSS0.0041EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 3:59 p.m.3 views

CVE-2026-4837 Eval Injection in Rapid7 Insight Agent

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

6.6CVSS6.5AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 3:59 p.m.25 views

CVE-2026-4837 Eval Injection in Rapid7 Insight Agent

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

6.6CVSS0.0041EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 3:59 p.m.25 views

CVE-2026-4837

CVE-2026-4837 concerns an eval() injection in the beaconing logic of the Rapid7 Insight Agent for Linux. Reported across multiple sources, it could theoretically allow remote code execution as root via a crafted beacon response. The internal mechanism relies on mutual TLS (mTLS) to verify command...

7.2CVSS6.5AI score0.0041EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/04/08 6:56 a.m.139 views

Exploit for Eval Injection in Langflow

CVE-2026-33017 - Langflow Unauthenticated RCE...

9.8CVSS6.4AI score0.98191EPSS
Exploits21
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.11 views

PT-2026-31327

Name of the Vulnerable Software and Affected Versions Rapid7 Insight Agent versions affected versions not specified Description A flaw exists in the beaconing logic of the Rapid7 Insight Agent for Linux, potentially allowing an attacker to execute code remotely as root through a crafted beacon...

6.6CVSS6AI score0.0041EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/07 11:54 p.m.129 views

Exploit for Eval Injection in Langflow

CVE-2026-33017-Langflow-POC Proof-of-con...

9.8CVSS6AI score0.98191EPSS
Exploits21
Snyk
Snyk
added 2026/04/07 2:13 p.m.4 views

Eval Injection

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Eval Injection via the dolevalstandard function. An attacker can execute arbitrary commands by injecting malicious payloads through computed extrafields...

8.6CVSS6.1AI score0.15527EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2026/04/07 1:16 p.m.5 views

CVE-2026-22666

Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dolevalstandard function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject...

8.6CVSS6AI score0.15527EPSS
Exploits2References6
Snyk
Snyk
added 2026/04/02 4:29 p.m.2 views

Eval Injection

Overview agno is an Agno: a lightweight library for building Multi-Agent Systems Affected versions of this package are vulnerable to Eval Injection via the fieldtype parameter in the model execution process. An attacker can execute arbitrary Python code by manipulating the value passed to the eva...

9.8CVSS6.3AI score0.00852EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 3:31 p.m.6 views

GHSA-77RH-M34W-RV36 Agno is vulnerable to Eval Injection

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.3CVSS6.8AI score0.00852EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/02 3:31 p.m.7 views

Agno is vulnerable to Eval Injection

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.8CVSS6.8AI score0.00852EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 2:34 p.m.3 views

CVE-2026-35002 Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.3CVSS6.7AI score0.00852EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 7:26 p.m.3 views

Eval Injection

Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Eval Injection via the resolvetype function. An attacker can execute arbitrary code by supplying crafted input that is improperly neutralized before being evaluated. No...

9.8CVSS6.8AI score0.00604EPSS
Exploits1References2
Rows per page
Query Builder