CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

PrestaShop - SQL Injection to Eval Injection

PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...

LotusCMS 3.0 - Remote Code Execution

LotusCMS 3.0 is susceptible to remote code execution via the Router function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution. id: CVE-2011-0518 info: name: LotusCMS 3.0 - Remote Code Execution author: pikpikcu...

EUVD-2026-38569

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

CVE-2026-12866

The CVE-2026-12866 entry concerns the npm package expr-eval. Affected versions are vulnerable to Code Execution via the toJSFunction() API, where user-supplied expressions are transformed into executable JavaScript with new Function(), allowing an attacker to escape the sandbox and run arbitrary ...

CVE-2026-12866

All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...

PT-2026-51474

Name of the Vulnerable Software and Affected Versions expr-eval affected versions not specified Description Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first gain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw resides within...

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

EUVD-2026-37730

python-statemachine SCXML Eval Injection...

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references. Original Description picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute...

CVE-2026-53875

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...

CVE-2026-53874

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

Malicious code in quirky-token (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b263413912feb72882ee0b52e7025c636ed98472ba90e6db4714b3b111b4e2e8 The package is advertised as an SVG sanitizer but exposes an undocumented getPlugin export whose returned function fetches JSON from...

CVE-2026-47103

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

CVE-2026-53875

CVE-2026-53875 affects picklescan (prior to 1.0.3). The vulnerability is a scanning bypass in scan_pytorch that allows embedding malicious magic numbers via dynamic eval using the reduce trick, enabling crafted PyTorch payloads to evade detection while remaining executable and potentially leading...

CVE-2026-53875 picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable,...