Lucene search

2490 matches found

Positive Technologies
added 2025/12/31 12:0 a.m., 4 views

PT-2025-54459

Name of the Vulnerable Software and Affected Versions: RAGFlow versions prior to 0.23.0. Description: RAGFlow is a Retrieval-Augmented Generation engine susceptible to arbitrary system command execution. A low-privileged authenticated user can execute commands on the server host process through the...

CVSS 9.4, AI score 7.3, EPSS 0.00473
Exploits: 1, References: 8
OSV
added 2025/12/30 3:20 p.m., 1 views

GHSA-6556-FWC2-FG2P Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

Summary: Picklescan uses the numpy.f2py.crackfortran._eval_length function (a NumPy F2PY helper) to execute arbitrary Python code during unpickling. Details: Picklescan fails to detect a malicious pickle that uses the gadget numpy.f2py.crackfortran._eval_length in __reduce__, allowing arbitrary command...

CVSS 7.6, AI score 7.8
Exploits: 0, References: 5
NVD
added 2025/12/30 12:15 p.m., 3 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, EPSS 0.00541
Exploits: 0, References: 4
EUVD
added 2025/12/30 11:14 a.m., 3 views

EUVD-2025-205769

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, AI score 6.3, EPSS 0.00541
Exploits: 0, References: 6
Cvelist
added 2025/12/30 11:14 a.m., 25 views

CVE-2025-14509 Lucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

CVSS 7.2, EPSS 0.00541
Exploits: 0, References: 4
Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-53921

Name of the Vulnerable Software and Affected Versions: Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress versions up to and including 1.1.13. Description: The software contains a PHP Code Injection issue stemming from the use of eval to process user-provided input from the 'Conditional...

CVSS 7.2, AI score 7.3, EPSS 0.00541
Exploits: 0, References: 6
CNNVD
added 2025/12/30 12:0 a.m., 5 views

WordPress plugin Lucky Wheel for WooCommerce – Spin a Sale code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based...

CVSS 7.2, AI score 7.4, EPSS 0.00541
Exploits: 0, References: 4
EUVD
added 2025/12/29 10:44 p.m., 3 views

EUVD-2025-205659

Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.parameval...

AI score 6.4
Exploits: 0, References: 5
GithubExploit
added 2025/12/29 10:8 a.m., 253 views

Exploit for Improper Certificate Validation in Apache Http_Server

Uefiscdi-Gov-Ro-Vulnerability- UNTESTED PAYLOADS, WAF-BYPASS,...

CVSS 7.8, AI score 8.8, EPSS 0.98945
Exploits: 29
GithubExploit
added 2025/12/26 8:54 p.m., 336 views

Exploit for CVE-2025-54322

CVE-2025-54322 - XSpeeder SXZOS Pre-Auth RCE Scanner !Licen...

AI score 8.7, EPSS 0.13992
Exploits: 2
RedhatCVE
added 2025/12/24 10:29 p.m., 3 views

CVE-2025-13711

Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.9, EPSS 0.00411
Exploits: 0, References: 1
Vulnrichment
added 2025/12/23 9:34 p.m., 2 views

CVE-2025-13711 Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability

Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.3, EPSS 0.00411
Exploits: 0, References: 2
NVD
added 2025/12/19 6:15 a.m., 4 views

CVE-2025-13307

The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval...

CVSS 7.2, EPSS 0.00493
Exploits: 0, References: 1
CVE
added 2025/12/19 6:0 a.m., 17 views

CVE-2025-13307

CVE-2025-13307 affects the Ocean Modal Window WordPress plugin (versions before 2.3.3). The vulnerability arises from modal display logic that can be triggered by user-controlled conditions set by Editors/Administrators (edit_pages capability). These conditions are evaluated in an eval statement ...

CVSS 7.2, AI score 8, EPSS 0.00493
Exploits: 0, References: 1
Tenable Nessus
added 2025/12/18 12:0 a.m., 5 views

Mozilla Firefox < 3.0.6

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-02 advisory. - Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass...

CVSS 2.6, AI score 8.4, EPSS 0.02323
Exploits: 0, References: 3
vulnersOsv
added 2025/12/16 6:43 p.m., 2 views

megatron-bridge (>=0.1.0rc0 <=0.3.1), nemo-eval (>=0.1.0rc1 <=0.2.0rc0) +1 more potentially affected by CVE-2025-33225 via nvidia-resiliency-ext (>=0.3.0 <=0.4.1)

nvidia-resiliency-ext PYPI version =0.3.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-33225 Source advisory: SNYK:PYTHON-NVIDIARESILIENCYEXT-14459109...

CVSS 8.4, AI score 5.8, EPSS 0.00258
Exploits: 0
vulnersOsv
added 2025/12/16 6:43 p.m., 3 views

nemo-eval (>=0.1.0rc1 <=0.1.0rc2), nemo-export-deploy (>=0.1.0 <=0.2.0rc1) potentially affected by CVE-2025-33235 via nvidia-resiliency-ext (=0.3.0)

nvidia-resiliency-ext PYPI version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-resiliency-ext and may be impacted: - nemo-eval =0.1.0rc1, =0.1.0, =0.2.0rc1 Source cves: CVE-2025-33235 Source advisory:...

CVSS 7.8, AI score 5.8, EPSS 0.00108
Exploits: 0
CNNVD
added 2025/12/14 12:0 a.m., 3 views

SnailJob security vulnerability

SnailJob is a flexible, reliable and efficient distributed task retrying and task scheduling platform from aizuda open source. A security vulnerability exists in SnailJob 1.6.0 and earlier versions, which stems from a change to the file...

CVSS 6.5, AI score 6.5, EPSS 0.00303
Exploits: 0, References: 6
Veracode
added 2025/12/13 7:47 a.m., 6 views

TorchGeo Remote Code Execution Vulnerability

Impact: TorchGeo 0.4–0.6.0 used an "eval" (https://docs.python.org/3/library/functions.html#eval) statement in its model weight API that could allow an unauthenticated, remote attacker to execute arbitrary commands. All platforms that expose "torchgeo.models.get_weight"...

CVSS 8.1, AI score 6.3, EPSS 0.01221
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/12/13 12:16 a.m., 4 views

CVE-2025-65530

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file...

CVSS 8.8, AI score 7.3, EPSS 0.00293
Exploits: 0, References: 1