
793 matches found

RedhatCVE
added 2025/05/21 8:21 p.m., 3 views

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

9.3 CVSS, 8 AI score, 0.02882 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 7:34 p.m., 6 views

CVE-2005-2837

Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm...

7.5 CVSS, 8.3 AI score, 0.01691 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/10 12:20 a.m., 21 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS, 7.5 AI score, 0.00423 EPSS
Exploits: 0, References: 1

OSV
added 2025/05/08 5:16 p.m., 2 views

DEBIAN-CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS, 5.6 AI score, 0.00423 EPSS
Exploits: 0, References: 1

NVD
added 2025/05/08 5:16 p.m., 22 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS, 0.00423 EPSS
Exploits: 0, References: 2

OSV
added 2025/05/08 5:16 p.m., 9 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS, 7.3 AI score
Exploits: 0, References: 2

OSV
added 2025/05/08 5:16 p.m., 2 views

UBUNTU-CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 CVSS, 5.9 AI score, 0.00423 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/05/08 12:0 a.m., 19 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

0.00423 EPSS
Exploits: 0, References: 2

CVE
added 2025/05/08 12:0 a.m., 62 views

CVE-2025-26845

CVE-2025-26845 describes an Eval Injection vulnerability in Znuny up to version 7.1.3. A user with write access to the configuration file can cause code execution via the command that runs the backup.pl script, effectively allowing escalation to the user running that script. The primary affected ...

9.8 CVSS, 7.1 AI score, 0.00423 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/05/08 12:0 a.m., 7 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

9.8 AI score, 0.00423 EPSS
Exploits: 0, References: 2

OSV
added 2025/04/03 2:6 p.m., 3 views

BIT-DOLIBARR-2022-40871

Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval...

9.8 CVSS, 7.4 AI score, 0.33371 EPSS
Exploits: 1, References: 2

Github Security Blog
added 2025/03/20 12:32 p.m., 10 views

Composio Eval Injection Vulnerability

In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...

9.8 CVSS, 7.4 AI score, 0.01027 EPSS
Exploits: 1, References: 5, Affected Software: 1

VulnCheck KEV
added 2025/03/19 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-24893

XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch...

9.8 CVSS, 6.5 AI score, 0.99898 EPSS
Exploits: 49, References: 1

Tenable Nessus
added 2025/03/03 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2011-1760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e...

7.2 CVSS, 5.5 AI score, 0.01367 EPSS
Exploits: 1, References: 2

Snyk
added 2025/02/20 7:42 p.m., 7 views

Eval Injection

Overview: Affected versions of this package are vulnerable to Eval Injection via the SolrSearch process. An attacker can execute arbitrary code on the server by sending a crafted request to the vulnerable endpoint. Workaround: This vulnerability can be mitigated by editing Main.SolrSearchMacros in...

9.8 CVSS, 7.9 AI score, 0.99898 EPSS
Exploits: 49, References: 2

RedhatCVE
added 2025/02/05 11:40 p.m., 8 views

CVE-2022-41928

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...

9.9 CVSS, 6.8 AI score, 0.00978 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 11:32 p.m., 14 views

CVE-2022-41931

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

9.9 CVSS, 7.5 AI score, 0.0119 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 3:6 p.m., 7 views

CVE-2020-9406

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...

9.8 CVSS, 7.3 AI score, 0.01227 EPSS
Exploits: 0, References: 1

GithubExploit
added 2024/11/27 7:13 p.m., 265 views

Exploit for Code Injection in Geoserver

CVE-2024-36401 Usage bash python3 e...

9.8 CVSS, 9.8 AI score, 0.99813 EPSS
Exploits: 24

Packet Storm
added 2024/11/07 12:0 a.m., 505 views

TestRail CLI FieldsParser eval Injection

This is not a very exciting vulnerability, but I had already publicly disclosed it on GitHub at the request of the vendor. Since that report has disappeared, the link I had provided to MITRE was invalid, so here it is again. -Devin --- Unsafe eval in TestRail CLI FieldsParser Date Reported:...

7.4 AI score
Exploits: 0