15 matches found
EUVD-2026-30803
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...
EUVD-2026-30951
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...
CVE-2026-8838
Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...
CVE-2026-8838
Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...
Amazon Redshift Python Connector 代码注入漏洞
The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...
CVE-2026-31230
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...
CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE
The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...
EUVD-2013-7270
Malware in sbrugna...
CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2013-10051
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...
CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...
PT-2025-31688 · Unknown · Instantcms
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7 Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...
GHSA-5FH8-X9XC-HXMC irisnet-crypto RCE Vulnerability
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...
Code injection
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...
CVE-2019-9115
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...