CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Online Recruitment System for Economic Experiments 安全漏洞

Online Recruitment System for Economic Experiments is an open-source online recruitment system for economic experiments developed by ORSEE. Version 3.1.0 of Online Recruitment System for Economic Experiments contains a security vulnerability. This vulnerability stems from the fact that values...

6.3CVSS6.1AI score0.00252EPSS

CVE•added 2026/05/15 12:0 a.m.•6 views

CVE-2025-67031

ORSEE 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values starting with the prefix "func:" , which are passed directly into an eval() call inside tagsets/participant.php and tagsets/o...

6.3CVSS5.8AI score0.00252EPSS

CNNVD•added 2026/05/15 12:0 a.m.•5 views

MCP Calculate Server 代码注入漏洞

MCP Calculate Server is a mathematical calculation service tool developed by 611711Dark, based on the MCP protocol. Versions of MCP Calculate Server prior to 0.1.1 contained a code injection vulnerability. This vulnerability arose from the use of eval to evaluate mathematical expressions without...

9.8CVSS6.2AI score0.00333EPSS

OSSF Malicious Packages•added 2026/05/14 7:25 p.m.•6 views

Malicious code in ethers-signing-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...

6.6AI score

OSV•added 2026/05/14 7:25 p.m.•2 views

MAL-2026-3774 Malicious code in ts-build-optimize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, extends, assign, and a...

6.1AI score

RedhatCVE•added 2026/05/13 2:22 p.m.•3 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00214EPSS

RedhatCVE•added 2026/05/13 2:21 p.m.•3 views

CVE-2026-44128

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval...

9.3CVSS6.4AI score0.00153EPSS

RedhatCVE•added 2026/05/12 8:22 p.m.•4 views

CVE-2026-31254

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...

7.3CVSS6.4AI score0.0009EPSS

EUVD•added 2026/05/12 6:30 p.m.•5 views

EUVD-2026-29553

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

6.3AI score0.00102EPSS

OSV•added 2026/05/12 6:30 p.m.•1 views

GHSA-2799-6G5R-MMC7 Superduper: Remote code execution via unsafe eval in superduper query parsing

8.8CVSS6.5AI score0.00214EPSS

EUVD•added 2026/05/12 6:30 p.m.•4 views

EUVD-2026-29504

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

6.7AI score0.00314EPSS

Github Security Blog•added 2026/05/12 6:30 p.m.•3 views

Superduper: Remote code execution via unsafe eval in superduper query parsing

8.8CVSS6.5AI score0.00214EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/12 6:16 p.m.•5 views

CVE-2026-31230

9.8CVSS0.00102EPSS

NVD•added 2026/05/12 4:16 p.m.•5 views

CVE-2026-31225

8.8CVSS0.00214EPSS

NVD•added 2026/05/12 4:16 p.m.•9 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

9.8CVSS0.00378EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•4 views

PT-2026-40066

6.5AI score0.00378EPSS

Cvelist•added 2026/05/12 12:0 a.m.•27 views

CVE-2026-31230

0.00102EPSS

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustnessevaluationfgsmpytorch....

9.8CVSS6.1AI score0.00102EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40064

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parse op part function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Althoug...

6.5AI score0.00214EPSS