Skip to content

Commit 79cc9c9

Browse files
1 parent d487ea6 commit 79cc9c9

5 files changed

Lines changed: 296 additions & 0 deletions

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7grq-p359-8hc8",
4+
"modified": "2026-05-31T12:30:25Z",
5+
"published": "2026-05-31T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-10179"
8+
],
9+
"details": "A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10179"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_16/16.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-10179"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/814773"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367460"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367460/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T11:16:47Z"
55+
}
56+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-f9g4-qjmq-f49r",
4+
"modified": "2026-05-31T12:30:25Z",
5+
"published": "2026-05-31T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-10176"
8+
],
9+
"details": "A weakness has been identified in Aider-AI Aider 0.86.3. Affected by this issue is some unknown functionality of the component Code Generation Workflow. Executing a manipulation can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10176"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Aider-AI/aider/issues/5077"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Aider-AI/aider"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/cve/CVE-2026-10176"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/submit/819910"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367457"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/367457/cti"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "LOW",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-05-31T10:16:17Z"
59+
}
60+
}
Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hchg-qm84-cj9p",
4+
"modified": "2026-05-31T12:30:25Z",
5+
"published": "2026-05-31T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-10177"
8+
],
9+
"details": "A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10177"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Aider-AI/aider/issues/5075"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/Aider-AI/aider/pull/5137"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/Aider-AI/aider"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/cve/CVE-2026-10177"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/submit/819911"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/367458"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/vuln/367458/cti"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-918"
58+
],
59+
"severity": "LOW",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2026-05-31T11:16:46Z"
63+
}
64+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jxjp-7j6j-636j",
4+
"modified": "2026-05-31T12:30:25Z",
5+
"published": "2026-05-31T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-10180"
8+
],
9+
"details": "A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10180"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_17/17.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-10180"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/814774"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/367461"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367461/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-05-31T12:16:17Z"
55+
}
56+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-pgqf-5p6f-7qwq",
4+
"modified": "2026-05-31T12:30:25Z",
5+
"published": "2026-05-31T12:30:25Z",
6+
"aliases": [
7+
"CVE-2026-10178"
8+
],
9+
"details": "A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10178"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/gtxy114514/CVE/issues/7"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/cve/CVE-2026-10178"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/submit/819912"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/367459"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/vuln/367459/cti"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-05-31T11:16:47Z"
59+
}
60+
}

0 commit comments

Comments
 (0)