Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-95

CWE-95

Medium likelihood

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

138 vulnerabilities with CWE-95

CVE-2024-45847 HIGH

MindsDB 23.11.4.2-24.7.4.1 - Remote Code Execution via UPDATE Query Eval Injection

CVE-2024-45846 HIGH

MindsDB 23.10.3.0-24.7.4.1 - Remote Code Execution via Weaviate SELECT WHERE Clause

CVE-2024-27321 HIGH

Refuel Autolabel >= 0.0.8 - Remote Code Execution via Malicious CSV File in Multilabel Classification Task

CVE-2024-27320 HIGH

Refuel Autolabel >= 0.0.8 - Remote Code Execution via Malicious CSV File

CVE-2024-7954 CRITICAL

SPIP porte_plume - Unauthenticated PHP Code Execution

CVE-2024-43404 CRITICAL

Megabot < 1.5.0 - Remote Code Execution via /math Command Expression Parameter

CVE-2024-6891 HIGH

journyx - Authenticated Python Code Injection during Login

CVE-2024-37901 CRITICAL

XWiki 9.2-14.10.20 - Authenticated Remote Code Execution via SearchSuggestClass Instances

CVE-2024-39173 CRITICAL

calculator-boilerplate v1.0 - Remote Code Execution via Eval Injection in Calculator Route

CVE-2024-36404 CRITICAL

GeoTools < 29.6, 30.0-30.4, 31.0-31.2 - Remote Code Execution via XPath Expression Evaluation

CVE-2024-36401 CRITICAL KEV

Geoserver unauthenticated Remote Code Execution

CVE-2024-3562 HIGH

Custom Field Suite <2.6.7 - Code Injection

CVE-2024-32649 MEDIUM

vyperlang/vyper < 0.4.0 - Double Eval Vulnerability via sqrt Builtin

CVE-2024-32647 MEDIUM

vyperlang/vyper < 0.4.0 - Eval Injection via create_from_blueprint raw_args Parameter

CVE-2024-31996 CRITICAL

XWiki Platform <4.10.19, <15.5.4, <15.10-rc-1 - RCE

CVE-2024-31986 CRITICAL

XWiki Platform <4.10.19-15.10-rc-1 - RCE

CVE-2024-31984 CRITICAL

XWiki Platform <4.10.20, 15.5.4, 15.10-rc-1 - RCE

CVE-2024-31982 CRITICAL

XWiki Platform <4.10.20,15.5.4,15.10-rc-1 - RCE

CVE-2024-31465 CRITICAL

XWiki 5.0-rc-1-14.10.19 - Authenticated Remote Code Execution via XWiki.SearchSuggestSourceClass Object Injection

CVE-2024-21650 CRITICAL

XWiki < 4.10.20 - Remote code execution

CVE-2023-26323 HIGH

Xiaomi App Market 4.57.4-4.58.2 - Remote Code Execution via Unsafe Configuration

CVE-2023-7245 HIGH

OpenVPN Connect 3.0-3.4.3 (Windows)/3.0-3.4.7 (macOS) - Local Code Execution via ELECTRON_RUN_AS_NODE

CVE-2023-50447 HIGH

Pillow < 10.1.0 - Remote Code Execution via PIL.ImageMath.eval Environment Parameter

CVE-2023-6735 HIGH

Checkmk < 2.2.0p18, 2.1.0p38, 2.0.0p39 - Privilege Escalation via mk_tsm Agent Plugin

CVE-2023-7224 HIGH

OpenVPN Connect 3.0-3.4.6 - Local Code Execution via DYLD_INSERT_LIBRARIES

Previous Page 4 of 6 Next

Details

Vulnerabilities 138

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy