CVE-2026-46739

Net::Statsd for Perl with versions prior to 0.13 is vulnerable to metric injections. The flaw arises because metric names aren’t checked for newlines, colons, or pipes, allowing untrusted-sourced metrics to inject additional statsd metrics. Additionally, update_stats and gauge do not validate tha...

CVE-2026-46383 Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A security vulnerability exists in Perl versions prior to 0.13, which stems from the Crypt::Random::Source package falling back to the built-in rand function, which is not a safe source of...

Cosmos Code Issue Vulnerability

Cosmos is a self-hosted home server from the individual developer Yann Stepienik. Designed to address the growing concern of vulnerable self-hosted applications and personal servers. A code issue vulnerability exists in Cosmos versions prior to 0.13.0, which stems from a token in the Authorizatio...