CVE-2026-46751 Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework, which allows a hacker to execute arbitrary PHP code.

The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code using a specially crafted HTTP POST request...