136 matches found
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
EUVD-2026-30706
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720
Net::Statsd::Tiny for Perl is affected by CVE-2026-46720 in versions before 0.3.8. The vulnerability arises because metric names and set values are not validated for newlines, colons, or pipes, allowing metrics from untrusted sources to inject additional statsd metrics. Affected product/version: ...
@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +574 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)
sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: SNYK:JS-SMCRYPTO-15054484...
CVE-2025-12355
CVE-2025-12355 refers to the Payaza WordPress plugin. The vulnerability is a missing capability check on the AJAX endpoint wp_ajax_nopriv_update_order_status, allowing unauthenticated attackers to modify order statuses. Affected versions are all up to and including 0.3.8. The public reports descr...
CVE-2025-12355 Payaza <= 0.3.8 - Missing Authorization to Unauthenticated Order Status Update
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...
EUVD-2025-201357
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...
PT-2025-49226
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthenticated attackers to update order statuses...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +1226 more potentially affected by CVE-2025-65106 via langchain-core (>=0.0.1 <=0.3.8)
langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2025-65106 Source advisory: SNYK:PYTHON-LANGCHAINCORE-14100977...
a2a-client-handler (=0.1.0), aa-rag (>=0.1.0 <=0.4.3) +1309 more potentially affected by CVE-2025-6985 via langchain-text-splitters (>=0.0.1 <=0.3.8)
langchain-text-splitters PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.0, =0.1.0, =1.0.0rc1, =3.2.0, =0.1.0, =0.1.3 and more Source cves: CVE-2025-6985 Source advisory: OSV:GHSA-M42M-M8CR-8M58...
langchain-text-splitters code issue vulnerability
langchain-text-splitters is a Python package open-sourced by LangChain. A code issue vulnerability exists in langchain-text-splitters version 0.3.8, which stems from the HTMLSectionSplitter class allowing the use of arbitrary XSLT stylesheets, which could lead to an XML External Entity Attack,...
EUVD-2023-0270
Malicious code in bioql PyPI...
EUVD-2023-0272
Malicious code in bioql PyPI...
EUVD-2025-6970
Malicious code in bioql PyPI...
EUVD-2023-0271
Malicious code in bioql PyPI...
EUVD-2025-6939
Malicious code in bioql PyPI...
EUVD-2023-0269
Malicious code in bioql PyPI...
EUVD-2025-6928
Malicious code in bioql PyPI...
EUVD-2023-0276
Malicious code in bioql PyPI...