CVE-2026-32669

Summary: CVE-2026-32669 is a code-injection vulnerability affecting BUFFALO Wi‑Fi router products. The issue could permit an attacker to execute arbitrary code on affected devices. According to the documented metrics, the attack is network-based with no authentication and no user interaction requ...

CVE-2026-32669

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products...

CVE-2026-32669

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products...

PT-2026-28548

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.664.0 Description Windmill, a developer platform for internal code including APIs, background jobs, workflows, and UIs, is affected by a code injection issue. Workspace environment variable values are interpolated...

QDocs Smart School Management System 代码注入漏洞

QDocs Smart School Management System is a smart community-building system developed by QDocs Corporation. Versions of the QDOCS Smart School Management System prior to 7.2 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the...

Langflow 代码注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Prior to Langflow 1.9.0, there was a code injection vulnerability. This vulnerability stemmed from the Agentic Assistant feature, which executed Python code generated by the LLM...

BentoML 代码注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.37, there was a code injection vulnerability. This vulnerability stemmed from the docker.systemPackages...

Code-Projects Social Networking Site 代码注入漏洞

Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 of Code-Projects Social Networking Site contains a code injection vulnerability, which stems from incorrect handling of the content parameter in the /home.php file. This...

Wazuh 代码注入漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. There is a code injection vulnerability in versions 2.1.0 before 4.8.0 of Wazuh Agent an...

PT-2026-28466

Name of the Vulnerable Software and Affected Versions Home Assistant versions 2020.02 through 2026.01 Description Home Assistant, an open-source home automation software, contains a flaw where an authenticated user can inject malicious code into a device entity name. This allows for Cross-Site...

WindMill 代码注入漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.664.0 contained a code injection vulnerability. This vulnerability occurred when JavaScript string literals were inserted int...

smolagents 安全漏洞

smolagents is a basic library for agents, open-sourced by Hugging Face. Version smolagents 1.25.0.dev0 contains a security vulnerability, which stems from incorrect operations on functions in the file src/smolagents/localpythonexecutor.py, potentially leading to code injection...

happy-dom 代码注入漏洞

Happy-Dom is a JavaScript implementation of a web browser with no graphical interface, developed by David Ortner. Versions of Happy-Dom prior to 20.8.7 contained a code injection vulnerability. This vulnerability stemmed from issues with the ECMAScriptModuleCompiler, which could allow attackers t...

PT-2026-28440

Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...

BUFFALO Wi-Fi router 代码注入漏洞

The BUFFALO Wi-Fi router is a series of routers developed by the Japanese company BUFFALO. The BUFFALO Wi-Fi router has a code injection vulnerability, which means that arbitrary code can be executed due to this flaw...

OpenUI 代码注入漏洞

OpenUI is an open-source UI program developed byWeights & Biases. Versions of OpenUI 1.0 and earlier had a code injection vulnerability, which was caused by incorrect handling of parameter IDs, potentially leading to HTML injection...

GHSA-6Q6H-J7HJ-3R64 Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

Arbitrary Code Injection

Overview happy-dom is a Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. It includes many web standards from WHATWG DOM and HTML. Affected versions of this package are vulnerable to Arbitrary Code Injection in the ECMAScript module compilation proces...

Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code

Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...

CVE-2026-25001

Improper Control of Generation of Code 'Code Injection' vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through = 4.0.12...