25 matches found
EUVD-2026-34188
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-8722
Net::Async::Statsd::Client (Perl) has a vulnerability up to version 0.005 where metric names are not validated for newlines, colons, or pipes. This allows untrusted sources to inject additional statsd metrics, enabling metric injection. The issue is documented in several sources (NVD, CVE list) a...
CVE-2026-8722
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46740
The CVE affects Mojolicious::Plugin::Statsd up to version 0.04 for Perl, where metric names/values could be injected via untrusted sources due to unvalidated newlines/colons/pipes. The issue arises in the metrics pipeline; as of version 0.06, the module was changed to use a separate statsd client...
CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
PT-2026-43429
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...
CVE-2026-46719
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
CVE-2026-8788 Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...
Net::Statsd::Lite 注入漏洞
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.10.0 have a vulnerability due to the setadd method not checking for line breaks, colons, or pipes, which may lead to metric...
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720 Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-46719
Net::Statsd::Lite (Perl) is affected by CVE-2026-46719 for versions prior to 0.9.0, where metric names are not validated for newlines, colons, or pipes. This allows metrics from untrusted sources to inject additional statsd metrics. Public sources in the included documents confirm the impact on m...
PT-2026-41426
Name of the Vulnerable Software and Affected Versions Net::Statsd::Lite versions prior to 0.9.0 Description Net::Statsd::Lite for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This enables metrics generated from untrusted sources to inject...
Net::Statsd::Lite 注入漏洞
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have a injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...
ALPINE-CVE-2024-28820
Buffer overflow in the extractopenvpncr function in openvpn-cr.c in openvpn-auth-ldap aka the Three Rings Auth-LDAP plugin for OpenVPN 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this...
Cross-site Scripting (XSS)
@braintree/sanitize-url is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize html encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by...