CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.

The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted INSERT query...

Remote Code Execution (RCE)

nameless-cli is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

vBulletin allows arbitrary code execution

OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...