PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml fill of the file metagpt/actions/action node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

MAL-2026-2412 Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

MAL-2026-2415 Malicious code in oc-aa-module-client (npm)

Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...

MAL-2026-2406 Malicious code in @ceeferenderer/fe-renderer-sdk (npm)

Multiple evidences suggest malicious intent: code obfuscation, dynamic code execution, process access, install script, and suspicious email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feee20bafab758bb648bbe425a100a13e6d21799552a2b5566fe6029faef6ce4 Package...

EUVD-2022-45960

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2019-11201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor al...

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

CVE-2025-6101

CVE-2025-6101 affects the letta-ai letta project up to version 0.4.1. The vulnerable component is the function_message logic in the file letta/letta/interface.py, where manipulation of the arguments function_name/function_args enables improper neutralization of directives in dynamically evaluated...

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

Dynamic Variable Evaluation

Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Dynamic Variable Evaluation through the eval function in the mathematicalcalculator endpoint. An attacker can execute arbitrary code by...

PT-2024-8549

Name of the Vulnerable Software and Affected Versions Chamilo LMS affected versions not specified Description The issue is related to the lack of measures to neutralize instructions in dynamically executed code in the Chamilo LMS electronic learning and content management system. Exploitation of...

The vulnerability of the Node.js software library OpenVPN Connect allows a hacker to execute arbitrary code.

The vulnerability of the Node.js software product OpenVPN Connect relates to the lack of measures to neutralize instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the OpenVPN Connect software lies in its inability to properly execute instructions in the dynamically executed code, allowing a violator to execute arbitrary code.

The vulnerability of the OpenVPN Connect software is related to the failure to implement measures to neutralize the instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code using the DYILDINSERTLIBRARIES environment variable...

PT-2024-1066 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...

The vulnerability of the XWikiSkins class in the XWiki Platform, a platform for creating collaborative web applications, allows attackers to gain access to read, modify, or delete data.

The vulnerability of the SkinsCode.XWikiSkinsSheet method implemented in the XWikiSkins class of the XWiki Platform for creating collaborative web applications is related to the failure to neutralize instructions in the dynamically executed code when processing documents from the /SkinsCode...

Debian dla-3192 : lava - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3192 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3192-1 [email protected] https://www.debian.org/lts/security/...

Debian DSA-5260-1 : lava - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5260 advisory. - In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an...

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

Input validation

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...