109 matches found
CVE-2026-10174
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
CVE-2026-10174
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
EUVD-2026-33494
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
CVE-2026-10174 Aider-AI Aider Pre-commit Hook args.py protection mechanism
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
CVE-2026-10174
Summary of CVE-2026-10174 (Aider-AI Aider 0.86.3): Affected is an unknown function in the file aider/args.py of the Pre-commit Hook Handler. Manipulation of the argument git-commit-verify leads to protection mechanism failure. The vulnerability may be exploitable remotely, with exploitation infor...
PT-2026-45183
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
Aider 安全漏洞
Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a security vulnerability. This vulnerability stems from the git-commit-verify operation in the Pre-commit Hook Handler component, which causes the protection mechanism to fail. An...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...
CVE-2025-15586
OpenGamePanel (OGP-Website) is affected by a type juggling flaw in PHP comparisons present in commits prior to 52f865a4fba763594453068acf8fa9e3fc38d663. If exploited, this can enable authentication bypass without knowledge of the victim’s password. Public references (Red Hat CVE page, NVD entry, ...
Soft Serve does not sanitize ANSI escape sequences in user input
Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
EUVD-2023-1813
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadOneJNGImage function. An attacker can access data on the heap or cause memory corruption by tricking a user into processing a specially crafted image file. Remediation A fix was pushed into the...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Transfer-Encoding: chunked process. An attacker can exhaust server memory resources by sending specially crafted HTTP requests with chunked transfer encoding or without a...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
OPENSUSE-SU-2025:15060-1 kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media
These are all security issues fixed in the kanidm-1.6.0git0.d7ae0f336-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
VulnCheck KEV: CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands...
MAL-2024-9461 Malicious code in git-commit-message-convention (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94d09a62681923adfe2316c61633ccb26eeaa743e0350118824ffd40bb4c038c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in git-commit-message-convention (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94d09a62681923adfe2316c61633ccb26eeaa743e0350118824ffd40bb4c038c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...