Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-95 (动态执行代码中指令转义处理不恰当(Eval注入)) — Vulnerability Class 104

104 vulnerabilities classified as CWE-95 (动态执行代码中指令转义处理不恰当(Eval注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-8420 Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution — Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress 8.1 High2025-08-06
CVE-2013-10070 PHP-Charts v1.0 PHP Code Execution — PHP-Charts 9.8AICriticalAI2025-08-05
CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution — InstantCMS 9.8 -2025-08-01
CVE-2025-3753 Unsafe use of eval() method in rosbag tool — Robot Operating System (ROS) 7.8 High2025-07-17
CVE-2024-41921 Unsafe use of eval() method in rostopic echo tool — Robot Operating System (ROS) 7.8 High2025-07-17
CVE-2024-41148 Unsafe use of eval() method in rostopic hz tool — Robot Operating System (ROS) 7.8 High2025-07-17
CVE-2024-39835 Unsafe use of eval() method in roslaunch tool — Robot Operating System (ROS) 7.8 High2025-07-17
CVE-2024-39289 Unsafe use of eval() method in rosparam tool — Robot Operating System (ROS) 7.8 High2025-07-17
CVE-2025-6101 letta-ai letta interface.py function_message eval injection — letta 5.5 Medium2025-06-16
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing — conda-forge-ci-setup-feedstock 9.8AICriticalAI2025-06-13
CVE-2025-4318 Input validation issue in AWS Amplify Studio UI component properties — Amplify Studio 6.4AIMediumAI2025-05-05
CVE-2025-32435 Hydra no restricted eval after nix-eval-jobs migration — hydra 2.6 Low2025-04-15
CVE-2025-27603 XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations — application-confluence-migrator-pro 9.1 Critical2025-03-07
CVE-2025-24893 Remote code execution as guest via SolrSearchMacros request in xwiki — xwiki-platform 9.8 Critical2025-02-20
CVE-2025-0868 Remote Code Execution in DocsGPT — DocsGPT 9.8 -2025-02-20
CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content — Quiz Maker Developer 7.3 High2025-01-26
CVE-2024-8512 W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution — W3SPEEDSTER 9.1 Critical2024-10-30
CVE-2024-45858 Guardrails 安全漏洞 — guardrails 7.8 High2024-09-18
CVE-2024-45851 MindsDB 安全漏洞 — mindsdb 8.8 High2024-09-12
CVE-2024-45850 MindsDB 安全漏洞 — mindsdb 8.8 High2024-09-12
CVE-2024-45849 MindsDB 安全漏洞 — mindsdb 8.8 High2024-09-12
CVE-2024-45848 MindsDB 安全漏洞 — mindsdb 8.8 High2024-09-12
CVE-2024-45847 MindsDB 安全漏洞 — mindsdb 8.8 High2024-09-12
CVE-2024-45846 MindsDB 安全漏洞 — mindsdb 8.8 High2024-09-12
CVE-2024-27321 Autolabel 安全漏洞 — autolabel 7.8 High2024-09-12
CVE-2024-27320 Autolabel 安全漏洞 — autolabel 7.8 High2024-09-12
CVE-2024-7954 SPIP porte_plume Plugin Arbitrary PHP Execution — SPIP 9.8 Critical2024-08-23
CVE-2024-43404 Remote Code Execution Vulnerability in MEGABOT — MEGABOT 9.8 Critical2024-08-20
CVE-2024-37901 XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet — xwiki-platform 10.0 Critical2024-07-31
CVE-2024-36404 GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions — geotools 9.8 Critical2024-07-02

Vulnerabilities classified as CWE-95 (动态执行代码中指令转义处理不恰当(Eval注入)) represent 104 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.