Common Vulnerabilities and Exposures (CVE)

CVE-2026-10176

Jun 2, 2026 14:46:00 UTC

A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely...

CVE-2026-39552

Jun 2, 2026 14:45:53 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5.

CVE-2026-39553

Jun 2, 2026 14:45:37 UTC

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4.

CVE-2026-45302

Jun 2, 2026 14:45:17 UTC

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nested objects without filtering reserved pr...

CVE-2026-10175

Jun 2, 2026 14:43:56 UTC

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor_coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote e...

CVE-2026-8993

Jun 2, 2026 14:43:00 UTC

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection t...

CVE-2026-46718

Jun 2, 2026 14:41:35 UTC

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes t...

CVE-2026-49782

Jun 2, 2026 14:41:13 UTC

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0.

CVE-2026-30649

Jun 2, 2026 14:40:29 UTC

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component

CVE-2026-10170

Jun 2, 2026 14:39:45 UTC

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone causes sql injection. The attack may be ini...

CVE-2026-25260

Jun 2, 2026 14:38:37 UTC

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.

CVE-2026-35222

Jun 2, 2026 14:37:50 UTC

Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.

CVE-2026-32589

Jun 2, 2026 14:37:37 UTC

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do...

CVE-2026-30894

Jun 2, 2026 14:36:39 UTC

Lack of output escaping leads to a XSS vector in the content history component.

CVE-2022-37398

Jun 2, 2026 14:35:56 UTC

A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and belo...