Lucene search
K

2324 matches found

CVE
CVE
added 2026/06/04 3:54 p.m.45 views

CVE-2026-46741

Etsy::StatsD for Perl (versions up to 1.002002) is affected by metric injection due to unvalidated metric names and values containing newlines, colons, or pipes. The issue can allow an attacker to inject additional statsd metrics when metrics are generated from untrusted sources, with the Git rep...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 3:54 p.m.38 views

CVE-2026-46741 Etsy::StatsD versions through 1.002002 for Perl allow metric injections

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

0.00262EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 3:45 p.m.12 views

CVE-2026-46739 Net::Statsd versions before 0.13 for Perl allow metric injections

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.8AI score0.00258EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 3:45 p.m.33 views

CVE-2026-46739 Net::Statsd versions before 0.13 for Perl allow metric injections

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

0.00258EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:45 p.m.10 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 3:45 p.m.25 views

CVE-2026-46739

Net::Statsd for Perl with versions prior to 0.13 is vulnerable to metric injections. The flaw arises because metric names aren’t checked for newlines, colons, or pipes, allowing untrusted-sourced metrics to inject additional statsd metrics. Additionally, update_stats and gauge do not validate tha...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.33 views

PT-2026-46265

Name of the Vulnerable Software and Affected Versions Etsy::StatsD versions prior to 1.002002 Description Etsy::StatsD for Perl allows metric injections because metric names and values are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject...

7.5CVSS5.4AI score0.00262EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46264

Name of the Vulnerable Software and Affected Versions Net::Statsd versions prior to 0.13 Description Net::Statsd for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject additional stats...

5.3CVSS5.4AI score0.00258EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/03 11:45 p.m.47 views

CVE-2026-8722 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

0.00203EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 11:45 p.m.12 views

CVE-2026-8722

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

5.8AI score0.00203EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 9:4 a.m.22 views

CVE-2026-40546

SOPlanning (affected versions 1.55 and earlier) is vulnerable to SQL Injection across multiple endpoints and parameters. An attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control of the database. This is documented under CVE-2026-40546; related CVEs descr...

8.7CVSS6AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.30 contained a security vulnerability, which was caused by issues with the servepluginskill/skillview function in the tools/skillstool.py file. This...

7.5CVSS7.3AI score0.00304EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from SQL injections in several functions, potentially leading to local privilege escalation...

7.8CVSS5.7AI score0.00094EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 11:36 a.m.13 views

EUVD-2026-32892

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

5.8AI score0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 11:36 a.m.9 views

CVE-2026-9658

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

5.8AI score0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:48 p.m.10 views

CVE-2026-46740

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/26 10:48 p.m.7 views

CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

5.8AI score0.00326EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/05/26 9:13 a.m.22 views

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team CERT-In has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.8 views

IBM Engineering Lifecycle Management 安全漏洞

IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities ste...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

MikroORM SQL注入漏洞

MikroORM is an open-source framework from MikroORM that supports type-safe object-relational mapping for multiple databases. MikroORM has a SQL injection vulnerability; this vulnerability arises from improper escaping of identifiers and JSON path injections, which may lead to SQL injections...

7.6CVSS5.8AI score0.01252EPSS
Exploits2References6
Rows per page
Query Builder