CVE-2025-13711

Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-13711 Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a...

PT-2024-13835 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 7.2.4 Description: An issue was discovered in Couchbase Server where cURL calls to the "/diag/eval" API endpoint are not sufficiently restricted. Recommendations: For versions prior to 7.2.4, update to versi...

CVE-2018-15728

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...

Code injection

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...