CWE-95
Eval Injection
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
Showing 10 of 10
- CVE-2026-33017 | Critical · 9.8 | KEV | EPSS 25% | 22 h ago
Langflow Code Injection Vulnerability
pypi
- CVE-2025-24893 | Critical · 9.8 | KEV | EXPLOIT | EPSS 94% | 22 h ago
XWiki Platform Eval Injection Vulnerability
- CVE-2023-7101 | High · 7.8 | KEV | EXPLOIT | EPSS 58% | 22 h ago
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
- CVE-2024-36401 | Critical · 9.8 | KEV | EXPLOIT | EPSS 94% | 22 h ago
OSGeo GeoServer GeoTools Eval Injection Vulnerability
- CVE-2021-22204 | Medium · 6.8 | KEV | EXPLOIT | EPSS 93% | 22 h ago
ExifTool Remote Code Execution Vulnerability
- CVE-2021-22205 | Critical · 10.0 | KEV | EXPLOIT | EPSS 94% | 22 h ago
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
- CVE-2026-47167 | — | EPSS 0% | 1 d ago
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-defini
- CVE-2026-52858 | — | EPSS 0% | 1 d ago
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +pytho
- CVE-2026-11422 | High · 7.1 | EPSS 0% | 5 d ago
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fence
- CVE-2026-50733 | High · 8.8 | EPSS 0% | 7 d ago
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presenta
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.