Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

164 matches found

NVD
NVDadded 5 days ago9 views

CVE-2026-56383

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS0.00177EPSS
Exploits0References3
CVE
CVEadded 5 days ago13 views

CVE-2026-56383

CVE-2026-56383 : Craft CMS contains a stored XSS in the editableTable.twig component via the Row Heading column type. The vulnerability arises from unsanitized input in row heading default values, enabling an attacker with an administrator account (when allowAdminChanges is enabled) to inject arb...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References3
EUVD
EUVDadded 5 days ago5 views

EUVD-2026-38177

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 5 days ago2 views

CVE-2026-56383

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelistadded 5 days ago32 views

CVE-2026-56383 Craft CMS - Stored XSS in Table Field via Row Heading Column Type

Craft CMS contains a stored cross-site scripting XSS vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attacker with an administrator account with allowAdminChanges...

4.8CVSS0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.9 views

PT-2026-44848

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description AVideo stores category descriptions from user input and renders the category description variable as raw HTML in the Gallery view. A user with permissions to create or edit categories can inject...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References4
Snyk
Snykadded 2026/05/11 4:15 p.m.3 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment during the processing of the helperPod.yaml template. An attacker can gain unauthorized access to sensitive host files, read ServiceAccount tokens from other pods, access other tenants' volume data, or...

8.7CVSS5.4AI score0.00368EPSS
Exploits0References3
OSV
OSVadded 2026/05/09 12:30 p.m.9 views

OESA-2026-2216 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

9.8CVSS5.8AI score0.00689EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/05/05 12:0 a.m.36 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

0.0039EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.9 views

PT-2026-37089

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.103.2 Description The Email Template engine allows an attacker with permissions to create or edit email templates to inject malicious JavaScript code. This code is executed in the victim's browser when the template...

6.1CVSS5.9AI score0.00175EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/04/29 8:48 p.m.5 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS7AI score0.01334EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/29 2:49 p.m.3 views

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

7.5CVSS7AI score0.01338EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 10:16 p.m.4 views

CVE-2026-7316

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS0.01334EPSS
Exploits0References5
EUVD
EUVDadded 2026/04/28 8:15 p.m.6 views

EUVD-2026-26153

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...

7.5CVSS7AI score0.01334EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 8:15 p.m.8 views

CVE-2026-7316

CVE-2026-7316 affects the eiliyaabedini aider-mcp project (up to commit 667b914301aada695aab0e46d1fb3a7d5e32c8af), specifically the code_with_ai component and the aider_mcp.py file. The vulnerability arises from manipulation of the working_dir/editable_files argument, enabling a command injection...

7.5CVSS7AI score0.01334EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.5 views

PT-2026-35829

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider mcp.py of the component code with ai. The manipulation of the argument working dir/editable files leads to command injection. The attack may ...

7.5CVSS7AI score0.01334EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.7 views

MyMCP 注入漏洞

MyMCP is a tool developed by Eiliya’s individual developer, capable of executing multiple AI coding tasks simultaneously. MyMCP has a vulnerability that stems from an unknown function parameter in the codewithai component, specifically the operation workingdir/editablefiles. This operation leads ...

7.5CVSS7.1AI score0.01334EPSS
Exploits0References2
NVD
NVDadded 2026/04/27 9:16 p.m.6 views

CVE-2026-7157

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

7.5CVSS0.01338EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/04/27 8:45 p.m.27 views

CVE-2026-7157 disler aider-mcp-server aider_ai_code server.py command injection

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

7.5CVSS0.01338EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/04/27 8:45 p.m.5 views

CVE-2026-7157 disler aider-mcp-server aider_ai_code server.py command injection

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aidermcpserver/server.py of the component aideraicode. This manipulation of the argument relativeeditablefiles causes command...

7.5CVSS7AI score0.01338EPSS
Exploits0References5
Rows per page
Query Builder