CVE-2020-11084

In iPear, the manual execution of the eval function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data files from the PC...

ROS-20250424-12

A vulnerability in the eval function of the Cloud Deployment and Query Tool modules of the database management tool pgAdmin 4 is related to incorrect code generation control when processing endpoints /sqleditor/querytool/download and /cloud/deploy with querycommitted and highavailability...

Exploit for Code Injection in Dgorissen Pycel

CVE-2024-53924 - Description: Pycel through 1.0b30, when oper...

PT-2025-17210 · Pycel · Pycel

Name of the Vulnerable Software and Affected Versions: Pycel versions 1.0b30 and earlier Description: The issue allows code execution via a crafted formula in a cell, such as one beginning with the =IFA1=200, eval" import 'os'.system substring." in an untrusted spreadsheet. Recommendations: For...

Remote Code Execution (RCE)

pgAdmin4 is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe use of Python's eval function due to unsanitized input in the querycommitted and highavailability parameters on two POST endpoints...

CVE-2025-32461

wikipluginincludetpl in lib/wiki-plugins/wikipluginincludetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3...

pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

GHSA-G73C-FW68-PWX3 pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...

CVE-2024-9439

SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...

CVE-2024-6982

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVE-2024-8953

CVE-2024-8953 affects composiohq/composio 0.4.3, where the mathematical_calculator endpoint uses the unsafe eval() function, enabling arbitrary code execution with untrusted input. Multiple connected sources confirm the issue and its impact (potential for code execution, high/severe impact). Reme...

CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...

CVE-2022-36010

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

CVE-2024-43404

MEGABOT is a fully customized Discord bot for learning and fun. The /math command and functionality of MEGABOT versions 1.5.0 contains a remote code execution vulnerability due to a Python eval. The vulnerability allows an attacker to inject Python code into the expression parameter when using...

CVE-2024-21552

All versions of SuperAGI are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server...

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...