Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
7 articles

#CWE-94

All CosmicBytez Labs articles tagged #CWE-94, across news, security advisories, how-to guides, and projects.

  • SecurityJun 23, 2026

    CVE-2026-12866: expr-eval npm Package Enables Arbitrary Code Execution via toJSFunction()

    All versions of the expr-eval JavaScript package are vulnerable to remote code execution through the toJSFunction() API. Crafted expressions escape the...

  • SecurityJun 17, 2026

    CVE-2026-49774: RD Station WordPress Plugin Remote Code Injection (CVSS 9.9)

    A critical code injection vulnerability in the RD Station WordPress plugin allows unauthenticated remote code execution through Remote File Inclusion,...

  • SecurityMay 30, 2026

    CVE-2026-7465: RCE in Spectra Gutenberg Blocks WordPress Plugin (CVSS 8.8)

    A high-severity remote code execution vulnerability in the Spectra Gutenberg Blocks plugin for WordPress allows authenticated Contributor-level attackers...

  • SecurityMay 21, 2026

    CVE-2026-6279: Avada Builder Unauthenticated RCE via PHP

    A critical CVSS 9.8 vulnerability in the Avada Builder (fusion-builder) WordPress plugin allows unauthenticated attackers to execute arbitrary PHP...

  • SecurityApr 8, 2026

    CVE-2026-22679: Weaver E-cology 10.0 Unauthenticated Remote

    A critical unauthenticated RCE vulnerability in Weaver (Fanwei) E-cology 10.0 allows attackers to execute arbitrary commands by abusing an exposed Dubbo...

  • SecurityApr 2, 2026

    CVE-2026-1540: Spam Protect CF7 WordPress Plugin PHP Log RCE

    The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows an editor-level attacker to achieve Remote Code Execution by logging a crafted...

  • SecurityMar 28, 2026

    CVE-2026-27876 — Grafana Critical RCE via SQL Expression

    A chained attack exploiting SQL Expressions combined with a Grafana Enterprise plugin can lead to remote arbitrary code execution. All Grafana users...