19 matches found
Remote Code Execution (RCE)
dedoc/scramble is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe evaluation of user-controlled input during documentation generation, which allows an attacker to execute arbitrary PHP code in the application context...
Remote Code Execution (RCE)
Flowise is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsanitized evaluation of user input in the “Supabase RPC Filter” field, which allows an attacker to execute arbitrary code on the affected system...
EUVD-2025-7190
Malicious code in bioql PyPI...
CVE-2022-30083
EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code remote...
CVE-2025-32461
wikipluginincludetpl in lib/wiki-plugins/wikipluginincludetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3...
CVE-2025-2303
CVE-2025-2303 (Block Logic – Full Gutenberg Block Display Control) affects the WordPress Block Logic plugin (versions
streamlit-geospatial Security Vulnerability
streamlit-geospatial is a streamlit multi-page application for geospatial applications open-sourced by Open Geospatial Solutions. A security vulnerability exists in streamlit-geospatial. The visparams variable in RasterDataVisualization.py accepts user input that is then use...
Pymatgen Security Vulnerability
pymatgen is an open source Python library for material analysis. A security vulnerability exists in versions of Pymatgen prior to 2024.2.20, which stems from the unsafe use of the eval function to process input, which enables the execution of arbitrary code when parsing untrusted input...
CVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...
CVE-2022-46161 Code injection in pdfmake
pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code...
PT-2022-27778 · Pdfmake · Pdfmake
Name of the Vulnerable Software and Affected Versions: pdfmake versions up to and including 0.2.5 Description: pdfmake contains an unsafe evaluation of user-controlled input, which can lead to arbitrary code execution in the context of the process running the pdfmake code. Users are advised to...
CVE-2021-41720
Removed by vendor...
The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework, which allows a hacker to execute arbitrary PHP code.
The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code using a specially crafted HTTP POST request...
Apache Struts 2 vulnerable to remote code execution (S2-061)
Overview Apache Struts 2 provided by The Apache Software Foundation contains a remote code execution vulnerability due to improper input validation (CWE-20). Masato Anzai of Aeye Security Lab, inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
Django Denial-of-service in strip_tags()
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
luci: privilege escalation through cluster with specially crafted configuration
It was discovered that luci used eval on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci...
bash -- out-of-bounds memory access in parser
RedHat security team reports: It was discovered that the fixed-sized redirstack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. An off-by-one...