CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

CVE-2026-4998

CVE-2026-4998 affects Sinaptik AI PandasAI up to 3.0.0, specifically the CodeExecutor.execute function in pandasai/core/code_execution/code_executor.py within the Chat Message Handler. The description states that executing a manipulation can lead to code injection, with remote exploitation possib...

CVE-2026-32669

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products...

Arbitrary Code Injection

froxlor/froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of DNS record content in the DomainZones.add endpoint, which allows an attacker to inject malicious directives into zone files and manipulate DNS configuration...

PandasAI 代码注入漏洞

PandasAI is a Python library that integrates artificial intelligence functions into pandas, making data frames interactive. Versions of PandasAI 3.0.0 and earlier contained a code injection vulnerability, which was caused by incorrect operations on the CodeExecutor.execute function, potentially...

elecV2P 代码注入漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the parameter filename by unknown functions in the...

elecV2P 代码注入漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the parameter rawcode in the runJSFile function of the...

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

CVE-2026-33940

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the Agentic Assistant validation process. An attacker can execute arbitrary server-side Python code by supplying input that causes the assistant to return malicious component code, which is then...

CVE-2026-33881

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

CVE-2026-33943

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-33943

Happy DOM CVE-2026-33943 involves a code-injection vulnerability in the ECMAScriptModuleCompiler: in versions 15.10.0 through 20.8.7, unsanitized content within export { ... } in ES modules is interpolated into generated code as an executable expression, with backticks not removed, enabling templ...

CVE-2026-33943 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions insi...

CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

CVE-2026-33881

Windmill CVE-2026-33881 affects the NativeTS executor in Windmill’s workspace environment. The flaw arises because workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes, allowing a workspace admin to inject arbitrary JavaScript that ...

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

EUVD-2026-16820

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...