CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')) — Vulnerability Class 104

104 vulnerabilities classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection — CMS | 4.7 | Medium | 2026-04-20 |
| CVE-2026-33618 | Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings — chamilo-lms | 8.8 | High | 2026-04-10 |
| CVE-2026-5971 | FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection — MetaGPT | 7.3 | High | 2026-04-09 |
| CVE-2026-4837 | Eval Injection in Rapid7 Insight Agent — Insight Agent | 6.6 | Medium | 2026-04-08 |
| CVE-2026-22666 | Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard() — Dolibarr ERP/CRM | 7.2 | High | 2026-04-07 |
| CVE-2026-35002 | Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution — Agno | 9.8 (AI) | Critical (AI) | 2026-04-02 |
| CVE-2026-4965 | letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection — letta | 7.3 | High | 2026-03-27 |
| CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula — Woocommerce Custom Product Addons Pro | 9.8 | Critical | 2026-03-23 |
| CVE-2025-40943 | Siemens multiple products cross-site scripting vulnerability — SIMATIC Drive Controller CPU 1504D TF | 9.6 | Critical | 2026-03-10 |
| CVE-2026-29091 | Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection — locutus | 8.1 | High | 2026-03-06 |
| CVE-2025-50187 | Chamilo: Evaluation of untrusted user input leads to Remote Code Execution — chamilo-lms | 9.8 | Critical | 2026-03-02 |
| CVE-2026-28370 | OpenStack Vitrage security vulnerability — Vitrage | 9.1 | Critical | 2026-02-27 |
| CVE-2025-15551 | LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N — Archer MR200 v5.2 | 8.1 (AI) | High (AI) | 2026-02-05 |
| CVE-2020-37137 | PHP-Fusion 9.03.50 - 'panels.php' Eval Injection — PHP Fusion | 6.1 | Medium | 2026-02-05 |
| CVE-2026-1470 | Authenticated users can bypass the Expression sandbox mechanism to achieve full remote code execution on n8n’s main node. | 9.9 | Critical | 2026-01-27 |
| CVE-2026-24474 | Dioxus Components has JavaScript injection via user-supplied IDs — components | 7.5 | - | 2026-01-23 |
| CVE-2026-0769 | Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability — Langflow | 9.8 | - | 2026-01-23 |
| CVE-2026-23885 | AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper — alchemy_cms | 6.4 | Medium | 2026-01-19 |
| CVE-2026-0863 | Sandbox escape in n8n Python task runner allows for arbitrary code execution on the underlying host. | 8.5 | High | 2026-01-18 |
| CVE-2025-68271 | Unauthenticated Remote Code Execution in openc3-api — cosmos | 10.0 | Critical | 2026-01-13 |
| CVE-2025-54322 | Xspeeder SXZOS security vulnerability — SXZOS | 10.0 | Critical | 2025-12-27 |
| CVE-2025-66474 | XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection — xwiki-rendering | 8.8 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-12140 | RCE in Wirtualna Uczelnia — Wirtualna Uczelnia | 9.8 | - | 2025-11-27 |
| CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events — open-webui | 7.3 | High | 2025-11-08 |
| CVE-2025-61955 | F5OS vulnerability — F5OS - Appliance | 7.8 | High | 2025-10-15 |
| CVE-2011-10033 | WordPress Plugin is-human <= v1.4.2 Eval Injection RCE — is-human WordPress Plugin | 9.8 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2025-48868 | Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive — horilla | 7.2 | High | 2025-09-24 |
| CVE-2025-55728 | XWiki Remote Macros vulnerable to remote code execution using the panel macro — xwiki-pro-macros | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55727 | XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro — xwiki-pro-macros | 10.0 | Critical | 2025-09-09 |
| CVE-2025-58365 | XWiki Blog Application: Privilege Escalation (PR) from account through blog content — application-blog | 8.8 (AI) | High (AI) | 2025-09-08 |

104 CVEs are classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.