CWE-95

Exploit likelihood: Medium

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

126 vulnerabilities with CWE-95
CVE-2025-15551 MEDIUM
TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, TL-WR845N v4 - RCE
CVSS 5.6
CVE-2025-68271 CRITICAL
Rubygems Openc3 < 6.10.2 - Remote Code Execution
CVSS 10.0
CVE-2025-54322 CRITICAL
Xspeeder Sxzos < 2025-12-26 - Code Injection
CVSS 10.0
CVE-2025-43466 MEDIUM
macOS Tahoe 26.1 - Info Disclosure
CVSS 5.5
CVE-2025-43388 MEDIUM
macOS Tahoe 26.1 - Info Disclosure
CVSS 5.5
CVE-2025-65530 HIGH
CloudLinux ai-bolit <v32.7.4 - Code Injection
CVSS 8.8
CVE-2025-66474 HIGH
XWiki Rendering <17.5.0 - RCE
CVSS 8.8
CVE-2025-12140 CRITICAL
Java - RCE
CVE-2025-64496 HIGH
Openwebui Open Webui < 0.6.35 - Remote Code Execution
CVSS 7.3
CVE-2025-61955 HIGH
F5OS-A F5OS-C - Privilege Escalation
CVSS 8.8
CVE-2025-48868 HIGH
Horilla 1.3.0 - Authenticated RCE
CVSS 7.2
CVE-2025-55728 CRITICAL
XWiki Remote Macros <1.26.5 - RCE
CVSS 10.0
CVE-2025-55727 CRITICAL
XWiki Remote Macros <1.26.5 - RCE
CVSS 10.0
CVE-2025-58365 HIGH
XWiki <9.14 - RCE
CVE-2025-55585 MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection
CVSS 6.5
CVE-2025-8420 HIGH
Request a Quote Form <2.5.2 - RCE
CVSS 8.1
CVE-2025-3753 HIGH
ROS - RCE
CVSS 7.8
CVE-2025-6101 MEDIUM
Letta-ai <0.4.1 - Improper Neutralization
CVSS 5.5
CVE-2025-49598 MEDIUM
conda-forge-ci-setup - RCE
CVE-2025-49013 CRITICAL
WilderForge - Code Injection
CVSS 9.9
CVE-2025-47271 MEDIUM
OZI <1.13.5 - Code Injection
CVE-2025-26845 CRITICAL
Znuny < 7.1.3 - Code Injection
CVSS 9.8
CVE-2025-4318 CRITICAL
AWS Amplify Studio - Code Injection
CVE-2025-32435 LOW
Hydra - Info Disclosure
CVSS 2.6
CVE-2025-27603 CRITICAL
XWiki Confluence Migrator Pro <1.2.0 - Code Injection
CVSS 9.1