Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-95

CWE-95

Medium likelihood

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

138 vulnerabilities with CWE-95

CVE-2025-58365 HIGH

XWiki <9.14 - Remote Code Execution

CVE-2025-55585 MEDIUM

TOTOLINK A3002R v4.0.0-B20230531.1404 - Command Injection

CVE-2025-8420 HIGH

emarket-design WordPress Plugins - Unauthenticated Remote Code Execution via emd_form_builder_lite_pagenum Function

CVE-2025-3753 HIGH

ROS rosbag filter - Arbitrary Python Code Execution

CVE-2025-6101 MEDIUM

Letta-ai <0.4.1 - Improper Neutralization

CVE-2025-49598 MEDIUM

conda-forge-ci-setup < 4.15.0 - meta.yaml eval Code Execution

CVE-2025-49013 CRITICAL

WilderForge - Remote Code Execution via GitHub Actions Workflow Injection

CVE-2025-47271 MEDIUM

OZI-Project/publish 1.13.2-1.13.5 - Remote Code Execution via Branch Name Injection

CVE-2025-26845 CRITICAL

Znuny 6.0.31-6.0.47 and 7.0.1-7.1.3 - Authenticated Eval Injection via Configuration File

CVE-2025-4318 CRITICAL

AWS Amplify Studio - Code Injection

CVE-2025-32435 LOW

Hydra < 2025-04-11 - Unauthenticated Eval Injection via Untrusted Nix Code Evaluation

CVE-2025-27603 CRITICAL

XWiki Confluence Migrator Pro <1.2.0 - Code Injection

CVE-2025-24893 CRITICAL KEV

XWiki Platform - Remote Code Execution

CVE-2025-0868 CRITICAL

DocsGPT 0.8.1-0.12.0 - Remote Code Execution via /api/remote Endpoint

CVE-2024-41921 HIGH

Robot Operating System Noetic Ninjemys and earlier - Code Injection via rostopic echo --filter Option

CVE-2024-41148 HIGH

Robot Operating System Noetic Ninjemys and earlier - Code Injection via rostopic hz --filter Option

CVE-2024-39835 HIGH

Robot Operating System Noetic Ninjemys and earlier - Remote Code Execution via roslaunch Substitution Args

CVE-2024-39289 HIGH

Robot Operating System Noetic Ninjemys and earlier - Remote Code Execution via rosparam Angle Converter Eval Injection

CVE-2024-10633 HIGH

Quiz Maker Business <= 8.8.0, Developer <= 21.8.0, Agency <= 31.8.0 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-8512 CRITICAL

W3SPEEDSTER < 7.26 - Authenticated Remote Code Execution via script Parameter in hookBeforeStartOptimization()

CVE-2024-45858 HIGH

Guardrails AI Guardrails <0.5.10 - RCE

CVE-2024-45851 HIGH

MindsDB 23.10.5.0-24.7.4.1 - Remote Code Execution via SharePoint INSERT Query

CVE-2024-45850 HIGH

MindsDB 23.10.5.0-24.7.4.1 - Remote Code Execution via SharePoint Integration INSERT Query

CVE-2024-45849 HIGH

MindsDB 23.10.5.0-24.7.4.1 - Remote Code Execution via SharePoint INSERT Query

CVE-2024-45848 HIGH

MindsDB 23.12.4.0-24.7.4.1 - Remote Code Execution via ChromaDB INSERT Query

Previous Page 3 of 6 Next

Details

Vulnerabilities 138

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy