CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')) — Vulnerability Class 104

104 vulnerabilities classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver — geoserver | 9.8 | Critical | 2024-07-01 |
| CVE-2024-3562 | Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field — Custom Field Suite | 8.8 | High | 2024-06-20 |
| CVE-2024-32649 | vyper performs double eval of the argument of sqrt — vyper | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32647 | vyper performs double eval of raw_args in create_from_blueprint — vyper | 5.3 | Medium | 2024-04-25 |
| CVE-2024-31996 | XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution — xwiki-commons | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet — xwiki-platform | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch — xwiki-platform | 10.0 | Critical | 2024-04-10 |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet — xwiki-platform | 10.0 | Critical | 2024-04-10 |
| CVE-2023-7245 | OpenVPN Connect security vulnerability — OpenVPN Connect | 7.8 AI | High AI | 2024-02-20 |
| CVE-2023-6735 | Privilege escalation in mk_tsm — Checkmk | 8.8 | High | 2024-01-12 |
| CVE-2024-21650 | XWiki Remote Code Execution vulnerability via user registration — xwiki-platform | 10.0 | Critical | 2024-01-08 |
| CVE-2023-7224 | OpenVPN Connect security vulnerability — OpenVPN Connect | 7.8 AI | High AI | 2024-01-08 |
| CVE-2023-7101 | Arbitrary Code Execution (ACE) Vulnerability — Spreadsheet::ParseExcel | 7.8 | - | 2023-12-24 |
| CVE-2023-50723 | XWiki Platform remote code execution/programming rights with configuration section from any user account — xwiki-platform | 10.0 | Critical | 2023-12-15 |
| CVE-2023-50721 | XWiki Platform RCE from account through SearchAdmin — xwiki-platform | 10.0 | Critical | 2023-12-15 |
| CVE-2023-48699 | fastbots Eval Injection vulnerability — fastbots | 8.4 | High | 2023-11-21 |
| CVE-2023-37909 | Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet — xwiki-platform | 10.0 | Critical | 2023-10-25 |
| CVE-2023-40177 | XWiki Platform privilege escalation (PR) from account through AWM content fields — xwiki-platform | 9.9 | Critical | 2023-08-23 |
| CVE-2023-35152 | XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults — xwiki-platform | 10.0 | Critical | 2023-06-23 |
| CVE-2023-35150 | XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application — xwiki-platform | 9.9 | Critical | 2023-06-23 |
| CVE-2023-29511 | xwiki-platform-administration-ui vulnerable to privilege escalation — xwiki-platform | 9.9 | Critical | 2023-04-16 |
| CVE-2023-30537 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation — xwiki-platform | 9.9 | Critical | 2023-04-16 |
| CVE-2023-29509 | org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability — xwiki-platform | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29214 | org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability — xwiki-platform | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29212 | xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability — xwiki-platform | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29211 | org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability — xwiki-platform | 10.0 | Critical | 2023-04-16 |
| CVE-2023-29210 | org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability — xwiki-platform | 10.0 | Critical | 2023-04-15 |
| CVE-2023-29209 | org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability — xwiki-platform | 10.0 | Critical | 2023-04-15 |
| CVE-2023-0888 | Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi — Space Battery Pack SP with Wi-Fi | 4.9 | Medium | 2023-03-13 |
| CVE-2023-0090 | Proofpoint Enterprise Protection webservices unauthenticated RCE — enterprise_protection | 9.8 | Critical | 2023-03-08 |

104 CVEs are classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.