2443 matches found
CVE-2024-8953 Unsafe eval usage in composiohq/composio
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-6982
Parisneo/lollms v9.8 exposes a remote code execution vulnerability in the Calculate function. The flaw stems from evaluating user-supplied expressions with Python eval() inside a sandbox that disables builtins and only permits math.*. An attacker can bypass the sandbox by loading the os module vi...
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
LiteLLM Resource Management Error Vulnerability
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from insecure parsing of user input in ast.literal_eval, which can be exploited by an attacker to cause a denial of service...
VulnCheck KEV: CVE-2025-24893
XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch...
Linux Distros Unpatched Vulnerability : CVE-2011-1760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e...
CVE-2020-19248
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates...
Eval Injection
Overview: Affected versions of this package are vulnerable to Eval Injection via the SolrSearch process. An attacker can execute arbitrary code on the server by sending a crafted request to the vulnerable endpoint. Workaround: This vulnerability can be mitigated by editing Main.SolrSearchMacros in...
SUSE CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...
PT-2025-5828
Name of the Vulnerable Software and Affected Versions: DocsGPT versions 0.8.1 through 0.12.0. Description: A vulnerability has been found in DocsGPT that could result in Remote Code Execution (RCE). Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python...
CVE-2022-41928
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVE-2022-36010
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, JavaScript's eval function is used to execute strings that begin with "function" as JavaScript. This unfortunately could allow arbitrary code to be executed if it exists as ...
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
CVE-2024-43404
MEGABOT is a fully customized Discord bot for learning and fun. The /math command and functionality of MEGABOT versions 1.5.0 contains a remote code execution vulnerability due to a Python eval. The vulnerability allows an attacker to inject Python code into the expression parameter when using...