158 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 6 views

PT-2026-44848

Name of the Vulnerable Software and Affected Versions: AVideo versions 29.0 and earlier. Description: AVideo stores category descriptions from user input and renders the category description variable as raw HTML in the Gallery view. A user with permissions to create or edit categories can inject...

CVSS 5.4 | AI score 5.8 | EPSS 0.00035
Exploits: 1 | References: 4

OSV
added 2026/05/09 12:30 p.m., 4 views

OESA-2026-2216 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00049
Exploits: 1 | References: 5

Cvelist
added 2026/05/05 12:0 a.m., 31 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

EPSS 0.00059
Exploits: 1 | References: 1

Positive Technologies
added 2026/05/05 12:0 a.m., 5 views

PT-2026-37089

Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 15.103.2. Description: The Email Template engine allows an attacker with permissions to create or edit email templates to inject malicious JavaScript code. This code is executed in the victim's browser when the template...

CVSS 6.1 | AI score 5.9 | EPSS 0.0003
Exploits: 1 | References: 4

RedhatCVE
added 2026/04/29 8:48 p.m., 2 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/29 2:49 p.m., 2 views

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 1

NVD
added 2026/04/28 10:16 p.m., 2 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be...

CVSS 7.5 | EPSS 0.0212
Exploits: 0 | References: 5

EUVD
added 2026/04/28 8:15 p.m., 2 views

EUVD-2026-26153

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may be...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

CVE
added 2026/04/28 8:15 p.m., 5 views

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/28 12:0 a.m., 3 views

PT-2026-35829

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument working_dir/editable_files leads to command injection. The attack may ...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 6

CNNVD
added 2026/04/28 12:0 a.m., 4 views

MyMCP Injection Vulnerability

MyMCP is a tool developed by the individual developer Eiliya, capable of executing multiple AI coding tasks simultaneously. MyMCP has a vulnerability that stems from an unknown function parameter in the code_with_ai component, specifically the operation working_dir/editable_files. This operation leads ...

CVSS 7.5 | AI score 7.1 | EPSS 0.0212
Exploits: 0 | References: 2

NVD
added 2026/04/27 9:16 p.m., 1 view

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command...

CVSS 7.5 | EPSS 0.0212
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/27 8:45 p.m., 3 views

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

CVE
added 2026/04/27 8:45 p.m., 10 views

CVE-2026-7157

Affects disler aider-mcp-server (up to b2516fa466d0d851932da92ee6d0e66946db9efc) in the component aider_ai_code, specifically the file src/aider_mcp_server/server.py. The vulnerability arises from a manipulation of the argument relative_editable_files, leading to command injection. Remote exploit...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

EUVD
added 2026/04/27 8:45 p.m., 2 views

EUVD-2026-25924

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

Cvelist
added 2026/04/27 8:45 p.m., 24 views

CVE-2026-7157 disler aider-mcp-server aider_ai_code server.py command injection

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command...

CVSS 7.5 | EPSS 0.0212
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/27 8:45 p.m., 3 views

CVE-2026-7157 disler aider-mcp-server aider_ai_code server.py command injection

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes command...

CVSS 7.5 | AI score 7 | EPSS 0.0212
Exploits: 0 | References: 5

CNNVD
added 2026/04/27 12:0 a.m., 5 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open-source web content management platform developed by Pimcore GmbH in Austria. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Version 12.3.3 of Pimcore contains a cross-site scripting vulnerability...

CVSS 5.4 | AI score 5.6 | EPSS 0.00004
Exploits: 1 | References: 1

CNNVD
added 2026/04/27 12:0 a.m., 7 views

Aider MCP Server Injection Vulnerability

Aider MCP Server is an AI coding task offloading and collaboration tool developed by IndyDevDan. There is a vulnerability in Aider MCP Server, which stems from an unknown function in the aider_ai_code component file src/aider_mcp_server/server.py. This function improperly handles the parameter...

CVSS 7.5 | AI score 7.1 | EPSS 0.0212
Exploits: 0 | References: 2

OSV
added 2026/04/16 11:38 p.m., 1 view

BIT-DJANGO-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

CVSS 2.7 | AI score 5.6 | EPSS 0.00014
Exploits: 0 | References: 4