EUVD-2026-32105

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

PT-2026-43569

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 3.8.5. This is due to the plugin using the BladeOne templating engine's runString method which compiles user-supplied template content into PHP code and executes it via eval...

IO-Compress 安全漏洞

IO-Compress is a Perl library developed by Paul Marquess, which supports various compression formats. Versions of IO-Compress prior to 2.220 contained security vulnerabilities. These vulnerabilities stemmed from File::GlobMapper, where arbitrary code could be executed through an output glob...

Exploit for CVE-2026-27384

CVE-2026-27384 CVE-2026-27384 — W3 Total Cache mfunc/eval...

MAL-2026-4781 Malicious code in unique-id-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...

AI-Code-Vulnerability-Scanner

AI-Code-Vulnerability-Scanner The AI Code Vulnerability Scanne...

MAL-2026-4611 Malicious code in midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe668e556f4b46fce125c318ebc3bea93185c78ec36c19f8991bbcb36172a62b The package advertises a logger middleware keywords fast/logger/stream/json, exports module.exports.pino = middleware, file.js wraps a ./pino module ...

MAL-2026-4695 Malicious code in turbo-axios (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62503451ade68043379968f3dc4784fdb66424d55422854514e3ba1b10058324 turbo-axios is a typosquat of the popular axios HTTP client it re-exports the full axios API and reuses axios's repository/homepage metadata in...

CVE-2026-9302

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

CVE-2026-9302 546669204 vps-inventory-monitoring VpsTest Console VpsTest.php eval code injection

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

CVE-2026-9302

546669204 vps-inventory-monitoring (VpsTest Console) is affected via the VpsTest.php file’s eval usage. The vulnerability arises from manipulating the argument vf in the function eval, allowing remote code execution. Public exploit exists. The project uses a rolling release, and the CVE record do...

vps-inventory-monitoring 代码注入漏洞

vps-inventory-monitoring is a web inventory monitoring tool developed by individual developer 546669204. vps-inventory-monitoring has a code injection vulnerability, which stems from the use of the eval function in the VpsTest Console component file app/index/command/VpsTest.php, specifically...

Malicious code in @link-assistant/hive-mind (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dfeaad3a9eda8f440dabe165d4ff6ba593c9858b9752d9bded19b05b292072a The package fetches https://unpkg.com/use-m/use.js — an unpinned URL that resolves to the latest published version of the third-party use-m package —...

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

Astra Linux - уязвимость в pillow

Pillow through 10.1.0 allows for arbitrary code execution via the environment parameter. This is a different vulnerability than CVE-2022-22817, which involved the expression parameter...

Astra Linux - уязвимость в pillow

In Pillow’s PIL.ImageMath.eval before version 9.0.0, it was possible to evaluate arbitrary expressions, including those that used the Python exec method. A lambda expression could also be used...

Astra Linux - уязвимость в libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

Astra Linux - уязвимость в node-thenify

This affects the thenify package before version 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this value is passed to the eval function without any sanitization...

Astra Linux - уязвимость в linux-5.10, linux

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first gain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw resides within...

Malicious code in get-deps-path (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65fa6f34a831aa832f9d88019ce3d0f4011701df6ab0667bd263645208c978ce On require, get-deps-path immediately invokes getPlugin, which performs an HTTP fetch to https://jsonkeeper.com/b/QBRMI an anonymous public paste hos...