
36511 matches found

CNNVD
added 2026/03/27 12:0 a.m. | 6 views

OpenUI code injection vulnerability

OpenUI is an open-source UI program developed by Weights & Biases. OpenUI versions 1.0 and earlier had a code injection vulnerability, which was caused by incorrect handling of parameter IDs, potentially leading to HTML injection...

CVSS 5.3 | AI score 5.9 | EPSS 0.00337
Exploits 0 | References 5
CNNVD
added 2026/03/27 12:0 a.m. | 5 views

QDocs Smart School Management System code injection vulnerability

QDocs Smart School Management System is a smart community-building system developed by QDocs Corporation. Versions of the QDOCS Smart School Management System prior to 7.2 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the...

CVSS 5.1 | AI score 5.7 | EPSS 0.00189
Exploits 0 | References 4
CNNVD
added 2026/03/27 12:0 a.m. | 5 views

Langflow code injection vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Prior to Langflow 1.9.0, there was a code injection vulnerability. This vulnerability stemmed from the Agentic Assistant feature, which executed Python code generated by the LLM...

CVSS 9.9 | AI score 6 | EPSS 0.01426
Exploits 1 | References 17
CNNVD
added 2026/03/27 12:0 a.m. | 3 views

smolagents security vulnerability

smolagents is a basic library for agents, open-sourced by Hugging Face. Version smolagents 1.25.0.dev0 contains a security vulnerability, which stems from incorrect operations on functions in the file src/smolagents/localpythonexecutor.py, potentially leading to code injection...

CVSS 10 | AI score 6.7 | EPSS 0.00575
Exploits 1 | References 8
CNNVD
added 2026/03/27 12:0 a.m. | 4 views

BentoML code injection vulnerability

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.37, there was a code injection vulnerability. This vulnerability stemmed from the docker.systemPackages...

CVSS 7.8 | AI score 6 | EPSS 0.00257
Exploits 1 | References 1
CNNVD
added 2026/03/27 12:0 a.m. | 5 views

BUFFALO Wi-Fi router code injection vulnerability

The BUFFALO Wi-Fi router is a series of routers developed by the Japanese company BUFFALO. The BUFFALO Wi-Fi router has a code injection vulnerability, which means that arbitrary code can be executed due to this flaw...

CVSS 9.8 | AI score 7.5 | EPSS 0.00266
Exploits 0 | References 2
CNNVD
added 2026/03/27 12:0 a.m. | 4 views

WindMill code injection vulnerability

WindMill is a free open-source tool developed by individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.664.0 contained a code injection vulnerability. This vulnerability occurred when JavaScript string literals were inserted int...

CVSS 8.6 | AI score 6.1 | EPSS 0.00378
Exploits 1 | References 2
CNNVD
added 2026/03/27 12:0 a.m. | 4 views

Wazuh code injection vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. There is a code injection vulnerability in versions 2.1.0 before 4.8.0 of Wazuh Agent an...

CVSS 7.2 | AI score 6.1 | EPSS 0.01625
Exploits 1 | References 2
Positive Technologies
added 2026/03/27 12:0 a.m. | 4 views

PT-2026-28466

Name of the Vulnerable Software and Affected Versions: Home Assistant versions 2020.02 through 2026.01. Description: Home Assistant, an open-source home automation software, contains a flaw where an authenticated user can inject malicious code into a device entity name. This allows for Cross-Site...

CVSS 8.8 | AI score 5.9 | EPSS 0.00241
Exploits 1 | References 6
GitHub Security Blog
added 2026/03/26 10:22 p.m. | 25 views

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary: A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

CVSS 9.8 | AI score 7.6 | EPSS 0.00742
Exploits 1 | References 5 | Affected Software 1
Snyk
added 2026/03/26 10:22 p.m. | 3 views

Arbitrary Code Injection

Overview: happy-dom is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection in the ECMAScript module compilation proces...

CVSS 9.8 | AI score 6.2 | EPSS 0.00742
Exploits 1 | References 2
OSV
added 2026/03/26 10:22 p.m. | 2 views

GHSA-6Q6H-J7HJ-3R64 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary: A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

CVSS 8.8 | AI score 6.1 | EPSS 0.00742
Exploits 1 | References 5
RedhatCVE
added 2026/03/26 5:4 p.m. | 2 views

CVE-2026-25001

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion. This issue affects Post Snippets: from n/a through <= 4.0.12...

CVSS 8.5 | AI score 5.8 | EPSS 0.00234
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 5:3 p.m. | 2 views

CVE-2026-25366

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets: from n/a through <= 2.7.1...

CVSS 9.9 | AI score 5.8 | EPSS 0.00311
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 5:3 p.m. | 2 views

CVE-2026-25447

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection. This issue affects Widget Wrangler: from n/a through <= 2.3.9...

CVSS 9.1 | AI score 5.8 | EPSS 0.00314
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 5:3 p.m. | 3 views

CVE-2026-32525

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection. This issue affects JetFormBuilder: from n/a through <= 3.5.6.1...

CVSS 9.9 | AI score 5.8 | EPSS 0.00294
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 5:2 p.m. | 3 views

CVE-2026-32573

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.7...

CVSS 9.1 | AI score 5.8 | EPSS 0.00297
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 5:2 p.m. | 2 views

CVE-2026-27044

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <= 4.12.0...

CVSS 9.9 | AI score 5.8 | EPSS 0.00296
Exploits 0 | References 1
EUVD
added 2026/03/26 3:30 p.m. | 3 views

EUVD-2025-209063

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...

CVSS 9.8 | AI score 6 | EPSS 0.00997
Exploits 0 | References 2
RedhatCVE
added 2026/03/26 3:18 p.m. | 2 views

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVSS 6.5 | AI score 6.2 | EPSS 0.00228
Exploits 0 | References 1