CWE-95: Eval Injection — known CVE vulnerabilities
CVEs classified under CWE-95 (Eval Injection), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-44643 — CVSS 10.0 (critical): Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a…
CVE-2025-68271 — CVSS 10.0 (critical): OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to…
CVE-2013-10070: PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly…
CVE-2022-36010 — CVSS 10.0 (critical): This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-…
CVE-2026-1470 — CVSS 9.9 (critical): n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by…
CVE-2023-29511 — CVSS 9.9 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a…
CVE-2022-41931 — CVSS 9.9 (critical): xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user…
CVE-2022-41928 — CVSS 9.9 (critical): XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in…
CVE-2026-35002 — CVSS 9.8 (critical): Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to…
CVE-2026-4851 — CVSS 9.8 (critical): GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote…
CVE-2026-4001 — CVSS 9.8 (critical): The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including…
CVE-2025-50187 — CVSS 9.8 (critical): Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads…
CVE-2013-10051 — CVSS 9.8 (critical): A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view…
CVE-2024-7954 — CVSS 9.8 (critical): The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A…
CVE-2024-39173 — CVSS 9.8 (critical): calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at…
CVE-2024-36404 — CVSS 9.8 (critical): GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code…
CVE-2025-40943 — CVSS 9.6 (critical): Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering…
CVE-2025-4318: The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could…
CVE-2026-44939: A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through…
CVE-2026-44128: SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint…
CVE-2025-12140: The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter'…
CVE-2011-10033: The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the…
CVE-2025-0868: A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using…
CVE-2026-28370 — CVSS 9.1 (critical): In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger…
CVE-2025-27603 — CVSS 9.1 (critical): XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. A user that doesn't have programming…
CVE-2024-8512 — CVSS 9.1 (critical): The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script'…
CVE-2026-45406 — CVSS 9.0 (critical): Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git…
CVE-2026-50733 — CVSS 8.8 (high): Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary…
CVE-2026-33618 — CVSS 8.8 (high): Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses…
CVE-2025-65530 — CVSS 8.8 (high): An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary…
CVE-2025-61955 — CVSS 8.8 (high): A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their…
CVE-2024-3562 — CVSS 8.8 (high): The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop…
CVE-2025-58365: The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application…
CVE-2026-42079 — CVSS 8.6 (high): PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code…
CVE-2026-8914: In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to…
CVE-2025-71361 — CVSS 8.1 (high): picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution…
CVE-2026-29091 — CVSS 8.1 (high): Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code…
CVE-2025-8420 — CVSS 8.1 (high): Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in…
CVE-2024-45858 — CVSS 7.8 (high): An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the…
CVE-2023-7245 — CVSS 7.8 (high): The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to…
CVE-2023-26323 — CVSS 7.6 (high): A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be…
CVE-2026-48962 — CVSS 7.3 (high): IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob…
CVE-2026-31254 — CVSS 7.3 (high): The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability…
CVE-2025-64496 — CVSS 7.3 (high): Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.6.224 and prior contain a…
CVE-2024-10633 — CVSS 7.3 (high): The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to…
CVE-2025-48868 — CVSS 7.2 (high): Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability…
CVE-2026-53875: picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious…
CVE-2026-11422 — CVSS 7.1 (high): Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline…
CVE-2026-4837 — CVSS 6.6 (medium): An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to…