CWE-95 · Eval Injection

143 CVEs classified under CWE-95 (Eval Injection). Browse by severity and year.

Top CVEs for CWE-95

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44643 | Critical | 10.0 | 2026-05-11 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression… |
| CVE-2026-28505 | Critical | 10.0 | 2026-03-30 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in notification_handler.py impl… |
| CVE-2025-68271 | Critical | 10.0 | 2026-01-13 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS con… |
| CVE-2025-54322 | Critical | 10.0 | 2025-12-27 | Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP param… |
| CVE-2025-55728 | Critical | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2025-55727 | Critical | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2024-31996 | Critical | 10.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool… |
| CVE-2024-31982 | Critical | 10.0 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search a… |
| CVE-2024-21650 | Critical | 10.0 | 2024-01-08 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) a… |
| CVE-2023-46731 | Critical | 10.0 | 2023-11-06 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL paramete… |
| CVE-2023-26477 | Critical | 10.0 | 2023-03-02 | XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and… |
| CVE-2022-36010 | Critical | 10.0 | 2022-08-15 | This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable… |
| CVE-2026-27702 | Critical | 9.9 | 2026-02-25 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase… |
| CVE-2026-1470 | Critical | 9.9 | 2026-01-27 | n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users dur… |
| CVE-2025-49013 | Critical | 9.9 | 2025-06-09 | WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue a… |
| CVE-2024-37901 | Critical | 9.9 | 2024-07-31 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbit… |
| CVE-2024-31984 | Critical | 9.9 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a sp… |
| CVE-2024-31465 | Critical | 9.9 | 2024-04-10 | XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any… |
| CVE-2023-50723 | Critical | 9.9 | 2023-12-15 | XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in… |
| CVE-2023-50721 | Critical | 9.9 | 2023-12-15 | XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface does… |