CVE-2026-44886 Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

CVE-2026-44886

Pi.Alert’s web interface is vulnerable to unauthenticated blind SQL injection in the /pialert/php/server/devices.php endpoint when action=getDevicesTotals is used and the scansource parameter is injected. From 2024-06-29 until 2026-05-07, unauthenticated users could trigger the vulnerability; the...

PT-2026-44074

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to...

EUVD-2018-8834

Malware in sbrugna...

CVE-2020-25352

A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...

CVE-2020-15037

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st parameter...

Cross site scripting

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st parameter...

CVE-2020-15037

The CVE-2020-15037 entry concerns NeDi 1.9C, a web application where an attacker can inject arbitrary JavaScript through the Reports-Devices.php page via the st[] parameter, causing a cross-site scripting (XSS) vulnerability. The consolidated connected documents confirm the vulnerability exists i...

CVE-2020-15037

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st parameter...

CVE-2019-19207

rConfig 3.9.2 allows devices.php?searchColumn= SQL injection...

CVE-2019-19207

rConfig 3.9.2 allows devices.php?searchColumn= SQL injection...

Sql injection

rConfig 3.9.2 allows devices.php?searchColumn= SQL injection...

K-Net Cisco Configuration Manager Cross-Site Scripting Vulnerability

K-Net Cisco Configuration Manager is a PHP and MySQL based tool for managing the configuration of Cisco devices. A cross-site scripting vulnerability exists in K-Net Cisco Configuration Manager 2014-11-19 and earlier versions, which can be exploited by remote attackers to inject arbitrary web...

CVE-2018-17051

K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php...

CVE-2018-17051

K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php...

Code injection

K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php...

CVE-2018-17051

The CVE concerns K-Net Cisco Configuration Manager up to 2014-11-19 with a Cross-Site Scripting (XSS) vulnerability exploitable via devices.php. CNVD notes it affects PHP/MySQL based deployments. NVD describes XSS via devices.php but does not provide exploit specifics beyond that. No remediation ...

CVE-2018-17051

K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php...