Weaknesses of type CWE-95
142 resultsCVE-2026-29091HIGHLocutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code InjectionEPSS 0.6%CVE-2025-49013CRITICALWilderForge vulnerable to code Injection via GitHub Actions WorkflowsEPSS 0.6%CVE-2026-4965MEDIUMletta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injectionEPSS 0.6%CVE-2023-0888MEDIUMAuthenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi EPSS 0.6%CVE-2025-27603CRITICALXWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translationsEPSS 0.6%CVE-2023-26323HIGHXiaomi App Market has a code execution vulnerabilityEPSS 0.6%CVE-2026-46586HIGHApache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code ExecutionEPSS 0.5%CVE-2024-31986CRITICALXWiki Platform CSRF remote code execution through scheduler job's document referenceEPSS 0.5%CVE-2026-8914HIGHCommand injection in Profile change functionEPSS 0.5%CVE-2020-37137HIGHPHP-Fusion 9.03.50 - 'panels.php' Eval InjectionEPSS 0.5%CVE-2024-10633HIGHQuiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via contentEPSS 0.5%CVE-2025-68271CRITICALUnauthenticated Remote Code Execution in openc3-apiEPSS 0.5%CVE-2025-58365HIGHXWiki Blog Application: Privilege Escalation (PR) from account through blog contentEPSS 0.5%CVE-2026-28505HIGHTautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist checkEPSS 0.5%CVE-2026-44643CRITICALAngular Expressions - Remote Code Execution using filtersEPSS 0.5%CVE-2026-4851CRITICALGRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserializationEPSS 0.5%CVE-2025-40943CRITICALAffected devices do not properly sanitize contents of trace files.
This could allow an attacker to inject code through social engineeringEPSS 0.5%CVE-2024-32647MEDIUMvyper performs double eval of raw_args in create_from_blueprintEPSS 0.5%CVE-2024-32649MEDIUMvyper performs double eval of the argument of sqrtEPSS 0.5%CVE-2011-10033CRITICALWordPress Plugin is-human <= v1.4.2 Eval Injection RCEEPSS 0.4%