Lucene search
K

476 matches found

EUVD
EUVD
โ€ขadded 2026/07/06 8:17 p.m.โ€ข7 views

EUVD-2026-24979

comm: FIFO/pipe inputs are drained before comparison data loss / hang...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References5
NVD
NVD
โ€ขadded 2026/06/25 7:16 p.m.โ€ข10 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/06/25 6:3 p.m.โ€ข7 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References2Affected Software1
OSV
OSV
โ€ขadded 2026/06/23 5:59 p.m.โ€ข4 views

GHSA-3VWC-QWHC-3MJ7 Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Summary The securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process AMP...

7.8CVSS6.3AI score0.00184EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2026/06/14 12:16 p.m.โ€ข7 views

ALPINE-CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

9.8CVSS5.5AI score0.01353EPSS
Exploits0References1
EUVD
EUVD
โ€ขadded 2026/06/14 11:39 a.m.โ€ข14 views

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
Packet Storm
Packet Storm
โ€ขadded 2026/06/11 12:0 a.m.โ€ข60 views

๐Ÿ“„ FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation

This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
โ€ขadded 2026/06/10 6:32 p.m.โ€ข7 views

CVE-2026-50637 Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the name...

5.8AI score0.00323EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/06/05 2:50 p.m.โ€ข8 views

CVE-2026-11362

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The formatevent method used by the event method does not validate the content of the tags, whi...

5.4AI score0.00447EPSS
Exploits0References4
Cvelist
Cvelist
โ€ขadded 2026/06/05 2:50 p.m.โ€ข45 views

CVE-2026-11362 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The formatevent method used by the event method does not validate the content of the tags, whi...

0.00447EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2026/06/05 2:50 p.m.โ€ข31 views

CVE-2026-11362

DataDog::DogStatsd for Perl versions through 0.07 is vulnerable to metric injections via event tags. The root cause is the format_event method not validating tag content, allowing commas, newlines, pipes and colons in tags; an ineffective pipe-removal attempt (s/|//g) due to unescaped pipe being ...

9.8CVSS5.4AI score0.00447EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
โ€ขadded 2026/06/05 12:0 a.m.โ€ข15 views

FIFOFox: Windows Named-Pipe Security Auditor and Fuzzer

FIFOFox is a Windows named-pipe security assessment tool for identifying weak pipe permissions, pipe-squatting exposure, and named-pipe impersonation attack paths. It combines passive auditing with authorized active testing, including fuzzing and interception-style capture, to help defenders find...

5.4AI score
Exploits0
NVD
NVD
โ€ขadded 2026/06/04 5:16 p.m.โ€ข12 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.3CVSS0.00258EPSS
Exploits0References3
EUVD
EUVD
โ€ขadded 2026/06/04 12:30 a.m.โ€ข19 views

EUVD-2026-34188

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
โ€ขadded 2026/06/04 12:0 a.m.โ€ข33 views

PT-2026-46265

Name of the Vulnerable Software and Affected Versions Etsy::StatsD versions prior to 1.002002 Description Etsy::StatsD for Perl allows metric injections because metric names and values are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject...

7.5CVSS5.4AI score0.00262EPSS
Exploits0References7
CNNVD
CNNVD
โ€ขadded 2026/06/04 12:0 a.m.โ€ข9 views

Net::Statsd::Lite ๅฎ‰ๅ…จๆผๆดž

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.13 contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in...

5.3CVSS5.2AI score0.00258EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2026/06/03 11:45 p.m.โ€ข38 views

CVE-2026-8722

Net::Async::Statsd::Client (Perl) is affected up to version 0.005. The issue arises from unvalidated metric names that may contain newlines, colons, or pipes, allowing metric injections. No exploitation details are provided in the documents, and no remediation version is specified here; upgrading...

6.5CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/06/03 11:45 p.m.โ€ข12 views

CVE-2026-8722

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

5.8AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
โ€ขadded 2026/05/28 12:0 a.m.โ€ข16 views

Acer NitroSense ๅฎ‰ๅ…จๆผๆดž

Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/05/27 2:12 a.m.โ€ข17 views

CVE-2026-46720

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder