picoctf-2025-unsafe-eval-writeup

picoCTF 2025 — Unssafe Eval Web Exploitation Challenge:...

CVE-2026-42423

OpenClaw prior to 2026.4.8 contains an approval-timeout fallback that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. This allows an attacker to exploit the timeout fallback to execute inline eval commands that would normally require explicit user approval...

CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...

Eval Injection

Overview verl is a verl: Volcano Engine Reinforcement Learning for LLM Affected versions of this package are vulnerable to Eval Injection via the mathequal function. An attacker can execute arbitrary code by supplying crafted input that is processed by an unsafe evaluation mechanism. Remediation...

GHSA-H57C-V2V3-5V3V verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()

A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

GHSA-FFQ5-QPVF-XQ7X OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

PT-2026-36880

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0 Description The Command Sender UI uses an unsafe eval function on array-like command parameters. This allows a user-supplied payload to execute in the browser when sending a command, creating a self-XSS...

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval...

WWBN AVideo 代码注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a code injection vulnerability. This vulnerability stemmed from the WebSocket server in the YPTSocket plugin, which forwarded JSON messages provided by attackers...

CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

VulnCheck KEV: CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

org.webjars.npm:built-in-math-eval (=0.3.0), org.webjars.npm:interval-arithmetic-eval (=0.4.6) potentially affected by CVE-2026-41507 via org.webjars.npm:math-codegen (=0.3.5)

org.webjars.npm:math-codegen MAVEN version =0.3.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:math-codegen and may be impacted: - org.webjars.npm:built-in-math-eval =0.3.0 - org.webjars.npm:interval-arithmetic-eval =0.4.6 Source cve...

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: OSV:GHSA-P6X5-P4XF-CC4R...

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: SNYK:JS-MATHCODEGEN-16420747...

GHSA-GPH2-J4C9-VHHR WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

Summary The YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval sinks fed directly by those relayed fields...

CVE-2026-39423

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

CVE-2026-39423 Stored XSS via Eval Injection in EchartsRander Component

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...

CVE-2026-39423 Stored XSS via Eval Injection in EchartsRander Component

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including...