Pi.Alert 代码注入漏洞

Pi.Alert is a WIFI/LAN intrusion detector developed by Jokob-sk. Versions of Pi.Alert prior to 2026-05-07 had a code injection vulnerability. This vulnerability stemmed from the Web configuration editor, which allowed arbitrary Python code to be injected into the pialert.conf file. Additionally,...

SUSE CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVE-2026-28384

CVE-2026-28384 : Canonical LXD contains an improper sanitization of the compression_algorithm parameter, allowing an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. Affected: LXD releases 4.12–6.6. Mitigatio...

PYSEC-2024-248

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...