Lucene search

793 matches found

Cvelist
added 2025/08/18 12:0 a.m. | 6 views

CVE-2025-55585

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval function...

EPSS 0.00235
Exploits: 1 | References: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1999022

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method,...

CVSS 9.8 | AI score 8.6 | EPSS 0.02209
Exploits: 0 | References: 2

GithubExploit
added 2025/08/12 8:26 p.m. | 88 views

Exploit for CVE-2025-50881

CVE-2025-50881: Remote Code Execution in API Use it Flow via m...

AI score 6.2 | EPSS 0.00798
Exploits: 1

CVE
added 2025/06/16 2:0 a.m. | 21 views

CVE-2025-6101

CVE-2025-6101 affects the letta-ai letta project up to version 0.4.1. The vulnerable component is the function_message logic in the file letta/letta/interface.py, where manipulation of the arguments function_name/function_args enables improper neutralization of directives in dynamically evaluated...

CVSS 5.5 | AI score 5.6 | EPSS 0.0028
Exploits: 0 | References: 4

Vulnrichment
added 2025/06/16 2:0 a.m. | 4 views

CVE-2025-6101 letta-ai letta interface.py function_message eval injection

A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated...

CVSS 5.5 | AI score 7.2 | EPSS 0.0028
Exploits: 0 | References: 4

OSV
added 2025/06/10 11:48 a.m. | 5 views

BIT-MARIADB-MIN-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...

CVSS 9 | AI score 7.3 | EPSS 0.38436
Exploits: 9 | References: 10

RedhatCVE
added 2025/05/23 7:26 a.m. | 4 views

CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

CVSS 8 | AI score 8.1 | EPSS 0.02655
Exploits: 5 | References: 1

RedhatCVE
added 2025/05/23 12:38 a.m. | 4 views

CVE-2022-40871

Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval...

CVSS 9.8 | AI score 7.4 | EPSS 0.33371
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:35 p.m. | 6 views

CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...

CVSS 8.8 | AI score 7.9 | EPSS 0.01339
Exploits: 0

RedhatCVE
added 2025/05/22 4:22 p.m. | 4 views

CVE-2020-15070

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...

CVSS 8.8 | AI score 7.1 | EPSS 0.01208
Exploits: 0

RedhatCVE
added 2025/05/22 4:4 p.m. | 4 views

CVE-2020-15591

fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution...

CVSS 9.8 | AI score 7.8 | EPSS 0.03803
Exploits: 1

RedhatCVE
added 2025/05/22 3:17 p.m. | 7 views

CVE-2020-20298

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzztemplate.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands...

CVSS 9.8 | AI score 8 | EPSS 0.02652
Exploits: 1

RedhatCVE
added 2025/05/22 11:10 a.m. | 6 views

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

CVSS 7.5 | AI score 8.3 | EPSS 0.45201
Exploits: 5 | References: 1

RedhatCVE
added 2025/05/22 10:6 a.m. | 4 views

CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...

CVSS 9.8 | AI score 8 | EPSS 0.80682
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/22 7:7 a.m. | 7 views

CVE-2019-10633

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...

CVSS 8.8 | AI score 7.9 | EPSS 0.03296
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:59 a.m. | 3 views

CVE-2018-20988

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation...

CVSS 7.5 | AI score 7.4 | EPSS 0.01377
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:28 a.m. | 9 views

CVE-2019-14746

An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

CVSS 9.8 | AI score 7.4 | EPSS 0.01212
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:44 a.m. | 7 views

CVE-2012-5932

Eval injection vulnerability in the ldapagnteval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...

CVSS 10 | AI score 7.9 | EPSS 0.6275
Exploits: 3 | References: 1

RedhatCVE
added 2025/05/22 3:28 a.m. | 11 views

CVE-2011-4932

Eval injection vulnerability in ipcms/modules/standard/contentmanagement/actions.php in ImpressPages CMS 1.0.12 and possibly other versions before 1.0.13 allows remote attackers to execute arbitrary code via the cmgroup parameter...

CVSS 7.5 | AI score 8.2 | EPSS 0.03928
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 12:26 a.m. | 8 views

CVE-2012-1625

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...

CVSS 6 | AI score 7.8 | EPSS 0.01067
Exploits: 0 | References: 1