CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

CVE-2026-10175

Affected software : Aider-AI Aider 0.86.3, Architect Mode. Vulnerable component : editor_coder.run in auth.py. Vulnerability : input manipulation enables code injection. Impact : remote execution possible over network; CVSS indicates MEDIUM with low confidentiality/integrity/availability impact. ...

PT-2026-36726

Name of the Vulnerable Software and Affected Versions janeczku Calibre-Web versions prior to 0.6.27 Description Improper authorization occurs in the Endpoint component due to the manipulation of the user id argument within the generate auth token function located in the cps/kobo auth.py file. Thi...

Calibre-Web 安全漏洞

Calibre-Web is a web application developed by Jan B, designed for browsing, reading, and downloading e-books from the Calibre database. Calibre-Web versions 0.6.26 and earlier contain security vulnerabilities. These vulnerabilities stem from the generateauthtoken function in the Endpoint...

GHSA-MQ9Q-25HM-G4GP AstrBot Makes Use of Hard-coded Password

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-7579 AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2026-7579

The vulnerability CVE-2026-7579 affects AstrBotDevs AstrBot (Dashboard component), specifically in the file astrbot/dashboard/routes/auth.py where hard-coded credentials are manipulated. This issue can be exploited remotely, and exploitation has been disclosed publicly. Affected software version ...

MGASA-2026-0065 Updated roundcubemail packages fix security vulnerabilities

Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...

EUVD-2026-11619

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...

CVE-2026-4045

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...

CVE-2025-15105

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

EUVD-2025-205469

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

CVE-2025-15105 getmaxun auth.ts hard-coded key

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument apikey results in use of hard-coded cryptographic key . Remote exploitation of the attack...

CVE-2025-15105

CVE-2025-15105 affects getmaxun maxun up to version 0.0.28. The vulnerability is in the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts, where manipulation of the argument api_key results in the use of a hard-coded cryptographic key. This enables remote exploitation and is described a...

CVE-2025-12342 Serdar Bayram Ghost Hot Spot Login Auth.php sql injection

A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

Serdar Bayram Ghost Hot Spot SQL注入漏洞

Serdar Bayram Ghost Hot Spot is a Portal Authentication System software by Serdar Bayram Individual Developer. A SQL injection vulnerability exists in Serdar Bayram Ghost Hot Spot 20251014 and earlier versions, which stems from a SQL injection vulnerability in the component Login in the file...

openNDS Security Vulnerabilities

openNDS is openNDS open source a high-performance, small footprint portal system. A security vulnerability exists in openNDS version 10.2.0, which originates from a post-release reuse vulnerability in the /openNDS/src/auth.c file...

CVE-2024-0529

A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/loginauth.php of the component HTTP POST Request Handler. The manipulation of the argument usernamelogin leads to sql injection...