CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

CVE-2026-9270 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

EUVD-2026-34846

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

CVE-2026-46741

Etsy::StatsD for Perl (versions up to 1.002002) is affected by metric injection due to unvalidated metric names and values containing newlines, colons, or pipes. The issue can allow an attacker to inject additional statsd metrics when metrics are generated from untrusted sources, with the Git rep...

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

EUVD-2026-34020

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

PT-2026-44076

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTP PORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minute...

CVE-2026-8788

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...

PT-2026-41648

Name of the Vulnerable Software and Affected Versions Net::Statsd::Lite versions prior to 0.10.0 Description Net::Statsd::Lite for Perl allows metric injections because the set add function does not validate values for newlines, colons, or pipes. This allows metrics generated from untrusted sourc...

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

ROS-20260112-7360

A vulnerability in the mpi3mrsasportadd function in the drivers/scsi/mpi3mr/mpi3mrtransport.c module of the Broadcom MPI3 device driver in the Linux kernel is related to a lack of validation of acceptable values. Exploitation of the vulnerability may allow an intruder to affect confidentiality,...

EUVD-2022-3530

Malicious code in bioql PyPI...

WordPress plugin Anps Theme plugin 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

GHSA-C7RM-W2HJ-X8G3 Guard bypass in Eloquent models affecting Laravel illuminate database component

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment...

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

PT-2020-15863 · Taylor Otwell · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.34 Laravel versions 7.x prior to 7.23.2 Description: An issue allows unvalidated values to be saved to the database in certain situations where table names are stripped during mass assignment. Recommendations: F...

PYSEC-2019-79

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

Code injection

drivers/video/msm/mdss/mdp3ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug...