985 matches found
Themes Coder Ecommerce <= 1.3.4 - SQL Injection
The Themes Coder Ecommerce WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-13726 info: name: Themes Coder Ecommerce = 1.3.4 - SQL...
CVE-2026-10175
A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...
CVE-2026-10175 Aider-AI Aider Architect Mode auth.py editor_coder.run code injection
A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...
CVE-2026-10175
Affected software : Aider-AI Aider 0.86.3, Architect Mode. Vulnerable component : editor_coder.run in auth.py. Vulnerability : input manipulation enables code injection. Impact : remote execution possible over network; CVSS indicates MEDIUM with low confidentiality/integrity/availability impact. ...
Aider code injection vulnerability
Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a code injection vulnerability. This vulnerability arises from the operation editor_coder.run in the Architect Mode component, allowing for code injection. Attackers can launch attacks...
Linux Distros Unpatched Vulnerability : CVE-2026-45664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45664 Note that Nessus relies on the presence of the package as reported by the vendor.
GHSA-CRHJ-59GH-8X96 vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
CVE-2026-45571 vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
GHSA-M7CR-M3PV-HGRP vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
CVE-2026-45570 vulnerabilities
Vulnerabilities for packages: packer-fips, apko-fips, wolfictl, gitsign, kaniko-fips, src-fingerprint-fips, witness, external-secrets-operator, nfpm, kyverno-fips, gitea, kubescape, mapotf-fips, trivy-operator, grype-fips, gitlab-runner, grype-db, gitlab-runner-fips, flux-fips, argo-workflows-fip...
Astra Linux - vulnerability in imagemagick
A flaw was discovered in ImageMagick's coders, specifically in the webp.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The most significant threat of this vulnerability is the impact on system...
Astra Linux - vulnerability in imagemagick
There are several memory leaks in the MIFF coder located at /coders/miff.c, due to improper image depth values. These leaks can be triggered by a specially crafted input file. These issues could potentially affect the availability of the application or cause a denial of service. It was initially...
Astra Linux - vulnerability in imagemagick
ImageMagick is free software available as a ready-to-run binary distribution or as source code that you can use, copy, modify, and distribute in both open and proprietary applications. In affected versions, Postscript files may be read and written when specifically excluded by a module policy in...
GHSA-6X44-W3XG-HQQF Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...
ImageMagick: Policy Bypass in MNG coder could
Because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...
JLSEC-2026-495 GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c,...
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call...
Malicious code in dcchbot (PyPI)
Source: amazon-inspector df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a The package performs multiple installer-hostile behaviors. 1 dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017608 advisory. A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form...