CWE-95
Medium likelihoodImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
111 vulnerabilities with CWE-95
CVE-2026-29091
HIGH
Locutus <3.0.0 - RCE
CVSS 8.1
CVE-2025-50187
CRITICAL
Chamilo <1.11.28 - RCE
CVSS 9.8
CVE-2026-28370
CRITICAL
OpenStack Vitrage <12.0.1,13.0.0,14.0.0,15.0.0 - Code Injection
CVSS 9.1
CVE-2026-27493
CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
CVSS 9.0
CVE-2026-27702
CRITICAL
Budibase <3.30.4 - Code Injection
CVSS 9.9
CVE-2025-15551
MEDIUM
TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, TL-WR845N v4 - RCE
CVSS 5.6
CVE-2020-37137
MEDIUM
PHP-Fusion 9.03.50 - RCE
CVSS 6.1
CVE-2026-1665
nvm <0.40.3 - Command Injection
CVE-2026-1470
CRITICAL
NPM N8n < 1.123.17 - Remote Code Execution
CVSS 9.9
CVE-2026-24474
Dioxus Components <commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a ...
CVE-2026-0769
CRITICAL
Langflow - Code Injection
CVSS 9.8
CVE-2026-23885
MEDIUM
Alchemy <7.4.12,8.0.3 - Code Injection
CVSS 6.4
CVE-2026-0863
HIGH
N8n < 1.123.14 - Code Injection
CVSS 8.5
CVE-2025-68271
CRITICAL
Rubygems Openc3 < 6.10.2 - Remote Code Execution
CVSS 10.0
CVE-2025-54322
CRITICAL
Xspeeder Sxzos < 2025-12-26 - Code Injection
CVSS 10.0
CVE-2025-43466
MEDIUM
macOS Tahoe 26.1 - Info Disclosure
CVSS 5.5
CVE-2025-43388
MEDIUM
macOS Tahoe 26.1 - Info Disclosure
CVSS 5.5
CVE-2025-65530
HIGH
CloudLinux ai-bolit <v32.7.4 - Code Injection
CVSS 8.8
CVE-2025-66474
HIGH
XWiki Rendering <17.5.0 - RCE
CVSS 8.8
CVE-2025-12140
Java - RCE
CVE-2025-64496
HIGH
Openwebui Open Webui < 0.6.35 - Remote Code Execution
CVSS 7.3
CVE-2025-61955
HIGH
F5OS-A F5OS-C - Privilege Escalation
CVSS 8.8
CVE-2011-10033
WordPress Plugin <=1.4.2 - Code Injection
CVE-2025-48868
HIGH
Horilla 1.3.0 - Authenticated RCE
CVSS 7.2
CVE-2025-55728
CRITICAL
XWiki Remote Macros <1.26.5 - RCE
CVSS 10.0
Details
Vulnerabilities
111
Exploit Likelihood
Medium