Lucene search
+L

450 matches found

redhatcve
redhatcve
added 2026/06/05 7:42 p.m.12 views

CVE-2025-15622

Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication fl...

6.2CVSS5.5AI score0.00155EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:42 p.m.11 views

CVE-2025-15621

Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication...

5.7CVSS5.4AI score0.00115EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:16 p.m.12 views

CVE-2026-42098

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

8.7CVSS5.5AI score0.00401EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/02 4:1 p.m.14 views

CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS5.6AI score0.00242EPSS
Exploits0References1
osv
osv
added 2026/05/31 9:31 a.m.3 views

GHSA-7W7M-V5VP-W699 Aider is vulnerable to Code Injection via editor_coder.run function

A security flaw has been discovered in Aider-AI Aider 0.86.3.dev. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has...

6.3CVSS6.2AI score0.00242EPSS
Exploits0References7
nvd
nvd
added 2026/05/31 9:16 a.m.16 views

CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS0.00242EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/31 8:45 a.m.44 views

CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS0.00242EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/05/31 8:45 a.m.12 views

CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References6
euvd
euvd
added 2026/05/31 8:45 a.m.16 views

EUVD-2026-33495

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References6
cve
cve
added 2026/05/31 8:45 a.m.43 views

CVE-2026-10175

Affected software : Aider-AI Aider 0.86.3, Architect Mode. Vulnerable component : editor_coder.run in auth.py. Vulnerability : input manipulation enables code injection. Impact : remote execution possible over network; CVSS indicates MEDIUM with low confidentiality/integrity/availability impact. ...

6.5CVSS6.4AI score0.00242EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/31 8:45 a.m.12 views

CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

6.5CVSS5.6AI score0.00242EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/05/31 8:45 a.m.3 views

CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

5.3CVSS6.2AI score0.00242EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/05/31 12:0 a.m.11 views

Aider 代码注入漏洞

Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a code injection vulnerability. This vulnerability arises from the operation editorcoder.run in the Architect Mode component, allowing for code injection. Attackers can launch attacks...

6.5CVSS6.7AI score0.00242EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/31 12:0 a.m.13 views

PT-2026-45184

Name of the Vulnerable Software and Affected Versions Aider-AI Aider version 0.86.3 Description A security flaw in the Architect Mode component allows for remote code injection. The issue resides within the editor coder.run function located in the auth.py file. Recommendations At the moment, ther...

6.5CVSS6.8AI score0.00242EPSS
Exploits0References16
packetstorm
packetstorm
added 2026/05/26 12:0 a.m.110 views

📄 Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection

Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...

9.3CVSS6.5AI score0.00941EPSS
Exploits3
ibm
ibm
added 2026/05/20 3:24 p.m.9 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU for Rational Software Architect Designer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...

7.5CVSS7.1AI score0.00702EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/05/19 2:16 p.m.24 views

CVE-2026-42098

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

8.7CVSS0.00401EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/19 12:59 p.m.9 views

CVE-2026-42098

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

8.7CVSS5.8AI score0.00598EPSS
Exploits2References5
euvd
euvd
added 2026/05/19 12:59 p.m.11 views

EUVD-2026-30930

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

8.7CVSS5.8AI score0.00598EPSS
Exploits2References4
cvelist
cvelist
added 2026/05/19 12:59 p.m.43 views

CVE-2026-42098 Authorization Bypass in Sparx Enterprise Architect

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior e.g. using a debugger and log in as any other user or administrator - then it is possible to do every...

8.7CVSS0.00401EPSS
Exploits0References4
Rows per page
Query Builder