Skip to main content

CWE-95

Eval Injection

109 CVEs Avg CVSS 8.5 MITRE
39
CRITICAL
56
HIGH
12
MEDIUM
2
LOW
54
POC
4
KEV

Monthly

CVE-2026-49273 PHP HIGH PATCH GHSA This Week

Authenticated remote code execution in MantisBT versions 1.3.0 through 2.28.3 allows an administrator to run arbitrary PHP as the web server user (www-data) via the 'Manage Configuration' page (adm_config_set.php). When a config value is stored with a non-string type, the ConfigParser/Tokenizer path calls eval() on attacker-controlled code guarded only by a 'return;' prefix; because PHP hoists class and function declarations at compile time regardless of the return, an attacker can plant a class that later hijacks the autoloader. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported privately by watchTowr and fixed in 2.28.4.

PHP RCE Code Injection
NVD GitHub
CVE-2026-45579 PyPI CRITICAL PATCH GHSA Act Now

Authenticated remote code execution in DIRAC's RequestManagementSystem lets any logged-in grid user run arbitrary commands as the DIRAC service account, enabling full compromise of the DIRAC installation. The flaw stems from an eval() call reachable through the export_getRequestCountersWeb service method, and successful exploitation exposes dirac.cfg secrets, database credentials, and all stored user proxies and tokens. Rated CVSS 9.9; no public exploit code has been released, though the vendor advisory documents a complete working exploitation path.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.9
CVE-2026-14380 HIGH PATCH This Week

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.

Code Injection RCE Dbi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-45406 HIGH PATCH This Week

OS command execution on the Dokku host is possible through the openresty-vhosts plugin in versions prior to 0.38.2, where custom OpenResty include filenames from an app's git repository are interpolated unescaped into a single-quoted shell string that is later run through eval. An attacker who can deploy a Dokku app with the openresty proxy enabled can plant a file whose name contains a single quote to break the quoting and inject a command substitution, executing arbitrary commands as the dokku user on the next deploy. There is no public exploit identified at time of analysis and it is not in CISA KEV, though the upstream advisory and a security regression test document the mechanism precisely.

Code Injection Information Disclosure Docker Dokku
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-71361 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows malicious pickle files to evade scanning by abusing the undetected idlelib.calltip.Calltip.fetch_tip function, enabling arbitrary code execution when the file is later loaded via pickle.load(). Affects ML supply chains relying on picklescan to vet PyTorch models; publicly available exploit code exists in the GHSA advisory, but no public exploit identified in active campaigns at time of analysis.

Code Injection RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-44179 Maven CRITICAL PATCH GHSA Act Now

Remote code execution in XWiki Pro Macros (com.xwiki.pro:xwiki-pro-macros) versions >=1.13 and <1.14.5 allows any authenticated user with page-edit rights to execute arbitrary Groovy code via the excerpt-include macro, which fails to escape the included page's title and renders excerpt content with the macro's elevated rights. A working proof-of-concept is published in the GHSA advisory demonstrating injection through both a crafted page title and excerpt body. No public exploit identified at time of analysis as actively used, but the publicly available exploit code exists in the advisory itself.

Atlassian RCE Code Injection
NVD GitHub
CVSS 3.1
9.9
CVE-2026-44939 Go CRITICAL PATCH GHSA Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher Suse
NVD GitHub
CVSS 4.0
9.4
EPSS
1.1%
CVE-2026-53875 PyPI HIGH PATCH This Week

Scanner evasion in picklescan versions prior to 1.0.3 lets an attacker smuggle malicious PyTorch pickle payloads past the scan_pytorch detection routine and gain arbitrary code execution when the model is later loaded with torch.load(). The bypass exploits a parser-differential between picklescan's pickletools.genops()-based magic-number extraction and PyTorch's pickle_module.load(), allowing a __reduce__(eval, ('MAGIC_NUMBER',)) trick to produce files that scan as clean but still deserialize correctly. A detailed proof-of-concept is published in the GHSA advisory and the VulnCheck writeup; no CISA KEV listing or EPSS score was supplied in the input.

Code Injection RCE Picklescan
NVD GitHub
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-47103 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host process by supplying a crafted SCXML document whose `<data expr="...">` attributes are passed unsandboxed to eval() inside SCXMLProcessor. Reported by VulnCheck with publicly available exploit code and a vendor advisory (GHSA-v4jc-pm6r-3vj8); no public exploit identified at time of analysis as actively in the wild, and the flaw is not listed in CISA KEV.

Python Code Injection RCE Python Statemachine
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.8%
CVE-2026-11422 HIGH PATCH This Week

Arbitrary JavaScript execution in the Markdown Preview Enhanced VS Code extension (0.8.x, bundling crossnote 0.9.28) is triggered when a victim opens or previews a crafted Markdown document containing a malicious wavedrom fenced code block. The WaveDrom rendering pipeline passes block contents directly to window.eval() inside the VS Code webview, letting an attacker abuse the extension's message-passing channel to write arbitrary files to the victim's local filesystem. Vendor patches were released on 2026-06-05; no public exploit was identified at time of analysis and the CVE is not listed in CISA KEV.

Code Injection RCE Markdown Preview Enhanced Crossnote
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
HIGH PATCH This Week

Authenticated remote code execution in MantisBT versions 1.3.0 through 2.28.3 allows an administrator to run arbitrary PHP as the web server user (www-data) via the 'Manage Configuration' page (adm_config_set.php). When a config value is stored with a non-string type, the ConfigParser/Tokenizer path calls eval() on attacker-controlled code guarded only by a 'return;' prefix; because PHP hoists class and function declarations at compile time regardless of the return, an attacker can plant a class that later hijacks the autoloader. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported privately by watchTowr and fixed in 2.28.4.

PHP RCE Code Injection
NVD GitHub
CVSS 9.9
CRITICAL PATCH Act Now

Authenticated remote code execution in DIRAC's RequestManagementSystem lets any logged-in grid user run arbitrary commands as the DIRAC service account, enabling full compromise of the DIRAC installation. The flaw stems from an eval() call reachable through the export_getRequestCountersWeb service method, and successful exploitation exposes dirac.cfg secrets, database credentials, and all stored user proxies and tokens. Rated CVSS 9.9; no public exploit code has been released, though the vendor advisory documents a complete working exploitation path.

RCE Code Injection
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package name. Any caller-influenced value that reaches the Profile attribute is therefore arbitrary Perl code execution, including calls to run system commands. The Profile attribute can be set from three different sources that can carry untrusted data: the DBI_PROFILE environment variable, a direct attribute assignment, and a DSN driver-attribute clause dbi:Driver(Profile=>SPEC):db. An attacker controlling any of those inputs runs arbitrary Perl in the host process. The strongest remote position is a network-exposed DBI::Gofer / DBI::ProxyServer whose per-request DSN reaches the Profile attribute, letting a client execute code on the broker host.

Code Injection RCE Dbi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

OS command execution on the Dokku host is possible through the openresty-vhosts plugin in versions prior to 0.38.2, where custom OpenResty include filenames from an app's git repository are interpolated unescaped into a single-quoted shell string that is later run through eval. An attacker who can deploy a Dokku app with the openresty proxy enabled can plant a file whose name contains a single quote to break the quoting and inject a command substitution, executing arbitrary commands as the dokku user on the next deploy. There is no public exploit identified at time of analysis and it is not in CISA KEV, though the upstream advisory and a security regression test document the mechanism precisely.

Code Injection Information Disclosure Docker +1
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows malicious pickle files to evade scanning by abusing the undetected idlelib.calltip.Calltip.fetch_tip function, enabling arbitrary code execution when the file is later loaded via pickle.load(). Affects ML supply chains relying on picklescan to vet PyTorch models; publicly available exploit code exists in the GHSA advisory, but no public exploit identified in active campaigns at time of analysis.

Code Injection RCE Picklescan
NVD GitHub
CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in XWiki Pro Macros (com.xwiki.pro:xwiki-pro-macros) versions >=1.13 and <1.14.5 allows any authenticated user with page-edit rights to execute arbitrary Groovy code via the excerpt-include macro, which fails to escape the included page's title and renders excerpt content with the macro's elevated rights. A working proof-of-concept is published in the GHSA advisory demonstrating injection through both a crafted page title and excerpt body. No public exploit identified at time of analysis as actively used, but the publicly available exploit code exists in the advisory itself.

Atlassian RCE Code Injection
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no public exploit was identified at time of analysis and it is not listed in CISA KEV. Reported by SUSE through GitHub Security Advisory GHSA-mhc6-2gfq-xx62.

Command Injection Code Injection Rancher +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Scanner evasion in picklescan versions prior to 1.0.3 lets an attacker smuggle malicious PyTorch pickle payloads past the scan_pytorch detection routine and gain arbitrary code execution when the model is later loaded with torch.load(). The bypass exploits a parser-differential between picklescan's pickletools.genops()-based magic-number extraction and PyTorch's pickle_module.load(), allowing a __reduce__(eval, ('MAGIC_NUMBER',)) trick to produce files that scan as clean but still deserialize correctly. A detailed proof-of-concept is published in the GHSA advisory and the VulnCheck writeup; no CISA KEV listing or EPSS score was supplied in the input.

Code Injection RCE Picklescan
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host process by supplying a crafted SCXML document whose `<data expr="...">` attributes are passed unsandboxed to eval() inside SCXMLProcessor. Reported by VulnCheck with publicly available exploit code and a vendor advisory (GHSA-v4jc-pm6r-3vj8); no public exploit identified at time of analysis as actively in the wild, and the flaw is not listed in CISA KEV.

Python Code Injection RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary JavaScript execution in the Markdown Preview Enhanced VS Code extension (0.8.x, bundling crossnote 0.9.28) is triggered when a victim opens or previews a crafted Markdown document containing a malicious wavedrom fenced code block. The WaveDrom rendering pipeline passes block contents directly to window.eval() inside the VS Code webview, letting an attacker abuse the extension's message-passing channel to write arbitrary files to the victim's local filesystem. Vendor patches were released on 2026-06-05; no public exploit was identified at time of analysis and the CVE is not listed in CISA KEV.

Code Injection RCE Markdown Preview Enhanced +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy