2427 matches found
CVE-2026-40032 UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution
UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the runcommand function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...
CVE-2026-40032
CVE-2026-40032 affects UAC (Unix-like Artifacts Collector) up to version 3.3.0-rc1. The vulnerability is a command injection in the placeholder substitution and command execution pipeline: _run_command() passes constructed command strings directly to eval without proper sanitization, enabling arb...
CVE-2026-40032
UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the runcommand function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...
CVE-2026-40032 UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution
UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the runcommand function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...
CVE-2026-4837
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...
CVE-2026-4837
CVE-2026-4837 concerns an eval() injection in the beaconing logic of the Rapid7 Insight Agent for Linux. Reported across multiple sources, it could theoretically allow remote code execution as root via a crafted beacon response. The internal mechanism relies on mutual TLS (mTLS) to verify command...
CVE-2026-4837 Eval Injection in Rapid7 Insight Agent
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...
CVE-2026-4837 Eval Injection in Rapid7 Insight Agent
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...
Exploit for Eval Injection in Langflow
CVE-2026-33017 - Langflow Unauthenticated RCE...
Rapid7 Insight Agent 安全漏洞
Rapid7 Insight Agent is a lightweight software developed by Rapid7 Corporation in the United States. This software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability, which stems from an eval function injection, potentially leading to remote code...
PT-2026-31327
Name of the Vulnerable Software and Affected Versions Rapid7 Insight Agent versions affected versions not specified Description A flaw exists in the beaconing logic of the Rapid7 Insight Agent for Linux, potentially allowing an attacker to execute code remotely as root through a crafted beacon...
PT-2026-31469
UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the run command function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...
Exploit for Eval Injection in Langflow
CVE-2026-33017-Langflow-POC Proof-of-con...
antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24175 via nvidia-pytriton (=0.7.0)
nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24175 Source advisory:...
antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24173 via nvidia-pytriton (=0.7.0)
nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24173 Source advisory:...
antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24146 via nvidia-pytriton (=0.7.0)
nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24146 Source advisory:...
Eval Injection
Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Eval Injection via the dolevalstandard function. An attacker can execute arbitrary commands by injecting malicious payloads through computed extrafields...
CVE-2026-22666
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dolevalstandard function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject...
UBUNTU-CVE-2026-22666
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dolevalstandard function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject...
CVE-2026-5594
A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit has been made...