Lucene search

2427 matches found

NVD
added 2026/03/06 6:16 p.m., 3 views

CVE-2026-29091

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to...

CVSS 8.1, EPSS 0.00506
Exploits: 1, References: 2
Veracode
added 2026/03/06 12:56 p.m., 3 views

Prototype Pollution

expr-eval and expr-eval-fork are vulnerable to Prototype Pollution. The vulnerability is due to improper handling of JavaScript prototype-based inheritance in the eval interface, which allows an attacker with access to manipulate object prototypes and potentially achieve arbitrary code execution...

CVSS 7.3, AI score 6, EPSS 0.00056
Exploits: 1, References: 8, Affected Software: 2
Packet Storm
added 2026/03/06 12:0 a.m., 154 views

OpenStack Remote Code Execution

A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0. The issue resides in the createqueryfunction method...

CVSS 9.1, AI score 6.3, EPSS 0.0004
Exploits: 2
OSV
added 2026/03/04 8:19 p.m., 2 views

GHSA-FP25-P6MJ-QQG6 locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection

Details: A Remote Code Execution (RCE) flaw was discovered in the locutus project v2.0.39, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...

CVSS 8.1, AI score 6.2, EPSS 0.00506
Exploits: 1, References: 6
Github Security Blog
added 2026/03/04 8:19 p.m., 3 views

locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection

Details: A Remote Code Execution (RCE) flaw was discovered in the locutus project v2.0.39, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...

CVSS 8.1, AI score 6.2, EPSS 0.00506
Exploits: 1, References: 6, Affected Software: 1
Snyk
added 2026/03/04 8:19 p.m., 2 views

Eval Injection

Overview: locutus is a Locutus other languages' standard libraries to JavaScript for fun and educational purposes. Affected versions of this package are vulnerable to Eval Injection in the call_user_func_array function, which executes eval on user-supplied input, and does not sanitize the second argume...

CVSS 9.2, AI score 6, EPSS 0.00506
Exploits: 1, References: 2
RedhatCVE
added 2026/03/02 1:43 p.m., 0 views

CVE-2026-3384

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVSS 5.5, AI score 5.3, EPSS 0.00016
Exploits: 0, References: 1
GithubExploit
added 2026/03/01 2:44 p.m., 109 views

Exploit for Code Injection in Phpunit_Project Phpunit

CVE-2017-9841 Laravel-RCE: CVE-2017-9841 CVE-2017-9841 is a...

CVSS 9.8, AI score 7.2, EPSS 0.9421
Exploits: 17
CVE
added 2026/03/01 2:2 p.m., 26 views

CVE-2026-3395

Summary (CVE-2026-3395): MaxSite CMS up to 109.1 contains a flaw in the MarkItUp Preview AJAX Endpoint (preview-ajax.php) where unsanitized input is passed to run_php and evaluated via PHP eval(), enabling unauthenticated remote code execution. This is driven by weak authorization checks in the M...

CVSS 9.8, AI score 6.7, EPSS 0.00056
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2026/03/01 2:2 p.m., 1 views

CVE-2026-3395 MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...

CVSS 7.5, AI score 5.6, EPSS 0.00056
Exploits: 1, References: 5
OSV
added 2026/03/01 12:16 p.m., 1 views

CVE-2026-3392

A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could ...

CVSS 5.5, AI score 5.4
Exploits: 0, References: 6
CVE
added 2026/03/01 11:32 a.m., 9 views

CVE-2026-3392

FascinatedBox lily up to 2.3 is affected by CVE-2026-3392. The flaw lies in the eval_tree function of src/lily_emitter.c, where manipulation leads to a null pointer dereference. Exploitation is restricted to local execution, and a public exploit has been made available. The project was informed v...

CVSS 5.5, AI score 5.6, EPSS 0.00024
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2026/03/01 8:15 a.m., 2 views

CVE-2026-3384

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVSS 5.5, EPSS 0.00016
Exploits: 0, References: 6
EUVD
added 2026/03/01 8:2 a.m., 4 views

EUVD-2026-9119

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVSS 4.8, AI score 5.3, EPSS 0.00016
Exploits: 0, References: 6
ATTACKERKB
added 2026/03/01 8:2 a.m., 2 views

CVE-2026-3384

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVSS 5.5, AI score 5.3, EPSS 0.00016
Exploits: 0, References: 6
Cvelist
added 2026/03/01 8:2 a.m., 19 views

CVE-2026-3384 ChaiScript chaiscript_eval.hpp Function_Push_Pop recursion

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVSS 4.8, EPSS 0.00016
Exploits: 0, References: 6
Positive Technologies
added 2026/03/01 12:0 a.m., 4 views

PT-2026-22514

Name of the Vulnerable Software and Affected Versions: FascinatedBox lily versions prior to 2.3. Description: A flaw exists in FascinatedBox lily, specifically within the eval_tree function of the src/lily_emitter.c file, leading to a null pointer dereference. This issue is exploitable locally. The...

CVSS 5.5, AI score 5.6, EPSS 0.00259
Exploits: 1, References: 15
GithubExploit
added 2026/02/27 5:9 p.m., 132 views

Exploit for CVE-2025-70341

CVE-2025-70341: Insecure Permissions + Arbitrary Code Executio...

AI score 6.6, EPSS 0.0001
Exploits: 2
Snyk
added 2026/02/27 6:31 a.m., 1 views

Eval Injection

Overview: vitrage is a The OpenStack RCA Service. Affected versions of this package are vulnerable to Eval Injection in the createqueryfunction function. An attacker can execute arbitrary code on the service host by sending crafted queries to the API endpoint. Remediation: Upgrade vitrage to version...

CVSS 9.9, AI score 6.1, EPSS 0.0004
Exploits: 2, References: 2
Snyk
added 2026/02/25 9:21 p.m., 3 views

Eval Injection

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression. Note: This is only exploitable if a workflow...

CVSS 9.5, AI score 6.3, EPSS 0.00266
Exploits: 0, References: 3