CWE-95 · Eval Injection
143 CVEs classified under CWE-95 (Eval Injection). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44643 | Critical | 10.0 | 2026-05-11 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression… |
CVE-2026-28505 | Critical | 10.0 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py impl… |
CVE-2025-68271 | Critical | 10.0 | 2026-01-13 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS con… |
CVE-2025-54322 | Critical | 10.0 | 2025-12-27 | Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP param… |
CVE-2025-55728 | Critical | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
CVE-2025-55727 | Critical | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
CVE-2024-31996 | Critical | 10.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool… |
CVE-2024-31982 | Critical | 10.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search a… |
CVE-2024-21650 | Critical | 10.0 | 2024-01-08 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) a… |
CVE-2023-46731 | Critical | 10.0 | 2023-11-06 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL paramete… |
CVE-2023-26477 | Critical | 10.0 | 2023-03-02 | XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and… |
CVE-2022-36010 | Critical | 10.0 | 2022-08-15 | This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable… |
CVE-2026-27702 | Critical | 9.9 | 2026-02-25 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase… |
CVE-2026-1470 | Critical | 9.9 | 2026-01-27 | n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users dur… |
CVE-2025-49013 | Critical | 9.9 | 2025-06-09 | WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue a… |
CVE-2024-37901 | Critical | 9.9 | 2024-07-31 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbit… |
CVE-2024-31984 | Critical | 9.9 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a sp… |
CVE-2024-31465 | Critical | 9.9 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any… |
CVE-2023-50723 | Critical | 9.9 | 2023-12-15 | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in… |
CVE-2023-50721 | Critical | 9.9 | 2023-12-15 | XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface does… |