Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-95

CWE-95

Medium likelihood

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

138 vulnerabilities with CWE-95

CVE-2026-52858 HIGH

Vim: Arbitrary Code Execution via Python Omni-Completion

CVE-2026-47167 MEDIUM

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

CVE-2026-11422 HIGH

Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

CVE-2026-50733 HIGH

Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

CVE-2026-8914 HIGH

Teltonika Networks RUTOS - Command Injection in Profile Change Function

CVE-2026-48962 HIGH

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

CVE-2026-46586 HIGH

Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

CVE-2026-42603 HIGH

OWASP BLT: pre-commit-fix.yaml executes untrusted fork code via pull_request_target

CVE-2026-31254 HIGH

flash-attention thru e724e2588 - Code Injection

CVE-2026-44643 CRITICAL

Angular Expressions - Remote Code Execution using filters

CVE-2026-44128 CRITICAL

SEPPmail Secure Email Gateway < 15.0.2.1 - Unauthenticated Remote Code Execution via Perl Eval Injection

CVE-2026-42079 HIGH

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

CVE-2026-6652 MEDIUM

Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

CVE-2026-40316 HIGH

OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow

CVE-2026-39423 MEDIUM

Stored XSS via Eval Injection in EchartsRander Component

CVE-2026-33618 HIGH

Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

CVE-2026-5971 HIGH

FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection

CVE-2026-4837 MEDIUM

Eval Injection in Rapid7 Insight Agent

CVE-2026-22666 HIGH

Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard()

CVE-2026-35002 CRITICAL

Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

CVE-2026-28505 CRITICAL

Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check

CVE-2026-4851 CRITICAL

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization

CVE-2026-4965 HIGH

letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

CVE-2026-4001 CRITICAL

Woocommerce Custom Product Addons Pro <=5.4.1 - RCE

CVE-2026-33017 CRITICAL KEV

Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Page 1 of 6 Next

Details

Vulnerabilities 138

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy