CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

793 matches found

Snyk•added 2026/05/11 4:20 p.m.•6 views

Eval Injection

Overview angular-expressions is an Angular expression as standalone module. Affected versions of this package are vulnerable to Eval Injection when using filters. An attacker can execute arbitrary code on the system by crafting a malicious expression that escapes the intended sandbox. Remediation...

10CVSS6.2AI score0.00476EPSS

Exploits0References2

Vulnrichment•added 2026/05/08 2:21 p.m.•5 views

CVE-2025-67486 Dolibarr has an Authenticated Remote Code Execution via eval() injection in user extrafields

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS6.7AI score0.00881EPSS

Exploits1References2

CVE•added 2026/05/08 2:21 p.m.•9 views

CVE-2025-67486

Dolibarr ERP/CRM (versions 22.0.2 and earlier) is affected by an authenticated remote code execution via eval() injection in the user extrafields feature. User-controlled input from the “computed value” field is passed to PHP eval without proper sanitization, enabling an authenticated administrat...

8.6CVSS6.7AI score0.00881EPSS

Exploits1References2Affected Software1

Snyk•added 2026/05/04 6:26 p.m.•6 views

Eval Injection

Overview pptagent is an An Agentic Framework for Reflective PowerPoint Generation Affected versions of this package are vulnerable to Eval Injection via the eval function when processing code generated by large language models with built-in functions available in the execution scope. An attacker...

8.6CVSS6.2AI score0.00144EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

7.8CVSS7.6AI score0.08598EPSS

Exploits3References2

Snyk•added 2026/04/23 12:31 a.m.•4 views

Eval Injection

Overview verl is a verl: Volcano Engine Reinforcement Learning for LLM Affected versions of this package are vulnerable to Eval Injection via the mathequal function. An attacker can execute arbitrary code by supplying crafted input that is processed by an unsafe evaluation mechanism. Remediation...

6.3CVSS6.5AI score0.00266EPSS

Exploits0References2

Cvelist•added 2026/04/20 3:0 p.m.•29 views

CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

5.8CVSS0.00244EPSS

Exploits0References4

NVD•added 2026/04/14 1:16 a.m.•3 views

CVE-2026-39423

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

6.9CVSS0.00173EPSS

Exploits0References3

Vulnrichment•added 2026/04/14 12:28 a.m.•2 views

CVE-2026-39423 Stored XSS via Eval Injection in EchartsRander Component

6.9CVSS6.1AI score0.00173EPSS

Exploits0References3

Cvelist•added 2026/04/14 12:28 a.m.•22 views

CVE-2026-39423 Stored XSS via Eval Injection in EchartsRander Component

6.9CVSS0.00173EPSS

Exploits0References3

ATTACKERKB•added 2026/04/14 12:28 a.m.•1 views

CVE-2026-39423

6.9CVSS6.1AI score0.00173EPSS

Exploits0References4Affected Software1

CVE•added 2026/04/14 12:28 a.m.•15 views

CVE-2026-39423

Summary (CVE-2026-39423) MaxKB (enterprise open‑source) × affected version: 2.7.1 and earlier. A vulnerability in the Markdown rendering engine enables an Eval Injection that lets any user in the AI chat interface execute arbitrary JavaScript in other users’ browsers, including administrators, le...

6.9CVSS6.1AI score0.00173EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/14 12:28 a.m.•7 views

EUVD-2026-22184

6.9CVSS6.1AI score0.00173EPSS

Exploits0References3

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32577

6.9CVSS6.1AI score0.00173EPSS

Exploits0References4

RedhatCVE•added 2026/04/13 7:24 p.m.•2 views

CVE-2026-4837

An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...

7.2CVSS6.5AI score0.0041EPSS

Exploits0References1

Veracode•added 2026/04/11 5:35 a.m.•4 views

Eval Injection

Agno is vulnerable to Eval Injection. The vulnerability is due to unsafe use of eval on the fieldtype parameter without proper validation, which allows an attacker to execute arbitrary Python code by manipulating input...

9.8CVSS5.8AI score0.00852EPSS

Exploits0References2Affected Software1

Github Security Blog•added 2026/04/09 6:31 p.m.•4 views

FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS6.7AI score0.00387EPSS

Exploits1References8Affected Software1