Cyber Posture

CWE · MITRE source

CWE-95Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Abstraction: Variant · CVEs in our corpus: 127

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2024-36401 KEV9.69.80.94432024-07-01
CVE-2025-24893 KEV9.69.80.93662025-02-20
CVE-2023-7101 KEV8.67.80.83312023-12-24
CVE-2024-319827.710.00.94252024-04-10
CVE-2024-216507.610.00.92542024-01-08
CVE-2024-79547.59.80.93152024-08-23
CVE-2023-374627.49.90.90262023-07-14
CVE-2024-364047.49.80.90752024-07-02
CVE-2013-100516.59.80.75812025-08-01
CVE-2026-33017 KEV6.49.80.41242026-03-20
CVE-2024-319845.69.90.60062024-04-10
CVE-2023-467315.410.00.57462023-11-06
CVE-2023-507214.69.90.43252023-12-15
CVE-2023-264774.410.00.40082023-03-02
CVE-2023-295094.19.90.36082023-04-16
CVE-2023-351504.19.90.34632023-06-23
CVE-2024-314654.19.90.35312024-04-10
CVE-2013-100703.80.00.62522025-08-05
CVE-2023-295113.79.90.29252023-04-16
CVE-2023-305373.79.90.29362023-04-16
CVE-2022-360993.39.90.21702022-09-08
CVE-2022-419313.19.90.18932022-11-23
CVE-2023-292093.19.90.18932023-04-15
CVE-2024-85123.19.10.21082024-10-30
CVE-2023-379092.69.90.10462023-10-25