Lucene search
K

77 matches found

OSV
OSV
added yesterday3 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
CVE
CVE
added 6 days ago22 views

CVE-2026-14158

The Widget Logic Visual plugin for WordPress is affected by a Remote Code Execution vulnerability in all versions up to 1.52. The issue arises in the widget_logic_visual_check_visibility flow and the widget-logic-update-conditional-tags AJAX action due to missing capability check and nonce verifi...

8.8CVSS6.3AI score0.00516EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.30 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 6:16 p.m.6 views

MAL-2026-6533 Malicious code in react-dynamic-table-compenent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55ead8b66faca1e08b2babafa252da2371b535c010a5c14d8b0d0e2a44aadf8 Package name misspells 'component' as 'compenent', a one-letter typosquat of react-dynamic-table-component. The package's postinstall script runs nod...

6.2AI score
Exploits0References2
NVD
NVD
added 2026/06/16 8:16 p.m.11 views

CVE-2026-12425

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...

7.4CVSS0.00149EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 8:7 p.m.16 views

Malicious Package

Overview moustick is a malicious package. This package contains malicious code that fetches and eval a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ on require in moustick/index.js. The payload is designed to extract RELAYERPRIVATEKEY and JWTSECRET from the victim...

9.8CVSS5.6AI score
Exploits0References2
CVE
CVE
added 2026/06/04 5:2 p.m.32 views

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

7.5CVSS6.1AI score0.00464EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/29 7:32 p.m.30 views

EUVD-2026-30803

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...

9.8CVSS5.8AI score0.00808EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/24 11:29 a.m.97 views

AI-Code-Vulnerability-Scanner

AI-Code-Vulnerability-Scanner The AI Code Vulnerability Scanne...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 5:52 p.m.12 views

Malicious code in corelia (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2b637971f597ba9572b4cecfab0de4981d19620d585b1958b1bb37b004fae8f The package impersonates the popular pino logger README header 'corelia Pino', homepage https://getpino.io, main file pino.js, npm version badge...

6AI score
Exploits0References2
EUVD
EUVD
added 2026/05/19 12:0 a.m.10 views

EUVD-2026-30951

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

5.4CVSS6AI score0.00743EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 9:16 p.m.39 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS0.00808EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:15 p.m.10 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

Amazon Redshift Python Connector 代码注入漏洞

The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

MCP Calculate Server 代码注入漏洞

MCP Calculate Server is a mathematical calculation service tool developed by 611711Dark, based on the MCP protocol. Versions of MCP Calculate Server prior to 0.1.1 contained a code injection vulnerability. This vulnerability arose from the use of eval to evaluate mathematical expressions without...

9.8CVSS6.2AI score0.00478EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 12:0 a.m.14 views

CVE-2025-67031

ORSEE 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values starting with the prefix "func:" , which are passed directly into an eval() call inside tagsets/participant.php and tagsets/o...

6.3CVSS5.8AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.37 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

0.00554EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.13 views

CVE-2025-67486

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS6.7AI score0.00881EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/03 2:15 p.m.7 views

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

6.5CVSS6.3AI score0.00291EPSS
Exploits0References4
NVD
NVD
added 2026/04/10 7:16 p.m.5 views

CVE-2026-33618

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS0.00319EPSS
Exploits0References2
Rows per page
Query Builder