24 matches found
MaxKB Security Vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from an Eval injection flaw in the Markdown rendering engine, which could allow any use...
Exploit for Eval Injection in Langflow
CVE-2026-33...
Exploit for Eval Injection in Xwiki
...
EUVD-2019-3223
Malware in sbrugna...
EUVD-2006-0891
Malware in sbrugna...
EUVD-2009-4799
Malware in sbrugna...
EUVD-2007-4437
Malware in sbrugna...
EUVD-2015-7613
Malware in sbrugna...
EUVD-2011-1759
Malware in sbrugna...
EUVD-2007-0533
Malware in sbrugna...
EUVD-2020-2639
Malware in sbrugna...
EUVD-2009-0817
Malware in sbrugna...
EUVD-2008-5050
Malware in sbrugna...
EUVD-2006-3813
Malware in sbrugna...
Eval Injection
Overview: letta is a Create LLM agents with long-term memory and custom tools. Affected versions of this package are vulnerable to Eval Injection via the functionmessage process. An attacker can execute arbitrary code by manipulating the functionname or functionargs arguments. Remediation: There is ...
GHSA-9GQ6-6936-885W MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the cod...
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document default in a public wiki or for authenticated users on private wikis to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows bypassi...
PT-2021-15430 · Eaton · Eaton Intelligent Power Manager
Name of the Vulnerable Software and Affected Versions: Eaton Intelligent Power Manager (IPM) versions prior to 1.69. Description: The issue concerns an unauthenticated eval injection vulnerability. It arises because the software fails to neutralize code syntax from users before using it in the dynam...
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
...
CVE-2020-10948
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests...