Weaknesses of type CWE-95
142 resultsCVE-2026-53875HIGHpicklescan - Scanning Bypass via Dynamic Eval in scan_pytorchEPSS 0.4%CVE-2026-23885MEDIUMAlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelperEPSS 0.4%CVE-2025-15551MEDIUMLAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845NEPSS 0.4%CVE-2025-26845CRITICALAn Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a EPSS 0.4%CVE-2026-40316HIGHOWASP BLT has RCE in Github Actions via untrusted Django model execution in workflowEPSS 0.4%CVE-2026-4837MEDIUMEval Injection in Rapid7 Insight AgentEPSS 0.4%CVE-2026-5971MEDIUMFoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injectionEPSS 0.4%CVE-2024-45858HIGHAn arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the wayEPSS 0.4%CVE-2026-24474MEDIUMDioxus Components has JavaScript injection via user-supplied IDsEPSS 0.4%CVE-2026-50733HIGHMarkdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()EPSS 0.4%CVE-2025-12140CRITICALRCE in Wirtualna UczelniaEPSS 0.4%CVE-2025-47271MEDIUMOZI-Project/ozi-publish Code Injection vulnerabilityEPSS 0.4%CVE-2024-27320HIGHAn arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classifiEPSS 0.3%CVE-2024-27321HIGHAn arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabEPSS 0.3%CVE-2025-71361HIGHpicklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tipEPSS 0.3%CVE-2026-27702CRITICALBudibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)EPSS 0.3%CVE-2026-33618HIGHChamilo LMS Affected by Remote Code Execution via eval() in Platform SettingsEPSS 0.3%CVE-2023-7245HIGHThe nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to EPSS 0.3%CVE-2026-48962HIGHIO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output globEPSS 0.3%CVE-2025-65530HIGHAn eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary filesEPSS 0.3%