336 matches found
EUVD-2024-49230
Malicious code in bioql PyPI...
TOTOLINK A3002R eval function command injection vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. TOTOLINK A3002R suffers from a command injection vulnerability that stems from the presence of command...
CVE-2025-55585
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval function...
TOTOLINK A3002R 安全漏洞
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. TOTOLINK A3002R suffers from a command injection vulnerability that stems from the presence of command...
CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...
CVE-2025-51472
Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...
CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...
UBUNTU-CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
UBUNTU-CVE-2025-3753
A code execution vulnerability has been identified in the Robot Operating System ROS 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval function to process unsanitized, user-supplied input in the 'rosbag filter' command. This...
CVE-2025-3753 Unsafe use of eval() method in rosbag tool
A code execution vulnerability has been identified in the Robot Operating System ROS 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval function to process unsanitized, user-supplied input in the 'rosbag filter' command. This...
Robot Operating System 安全漏洞
Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the rosbag tool's use of the eval function to process uncleaned user input, which could lead to the execution of arbitrary Python code...
Robot Operating System 安全漏洞
Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the echo verb of the rostopic tool using the eval function to process uncleared user input, which could lead to the execution of arbitrary code...
PT-2025-27339 · Unknown · Position Department Service Quality Evaluation System
Name of the Vulnerable Software and Affected Versions: Conjure Position Department Service Quality Evaluation System versions up to 1.0.11 Description: A critical vulnerability has been found in the Conjure Position Department Service Quality Evaluation System. The issue affects the eval function...
CVE-2025-32798 Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process...
CVE-2025-32798 Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process...
PT-2025-25585 · Unknown · Conda-Build
Name of the Vulnerable Software and Affected Versions: conda-build versions prior to 25.4.0 Description: The conda-build recipe processing logic is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. This is because conda-build uses the eval function to process...
CVE-2024-39173
calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...
CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2021-38305
23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...