CVE-2026-9270

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Top Dog versions = 1.0.5...

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

Poisoning AI Training Data

All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled "The best tech journalists at eating hot dogs." Every word is a lie. I claimed without evidence that competitive hot-dog-eating is a popular hobby among tech reporte...

EUVD-2025-206810

Stored Cross-Site Scripting XSS vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and execute...

CVE-2020-24918

A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parseauthenticationheader in libamprotocol-rtsp.so.1 in rtspsvc or cause a...

CVE-2023-49845

Missing Authorization vulnerability in mattdeclaire Redirects redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirects: from n/a through = 1.2.1...

CVE-2019-12920

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt...

CVE-2019-12919

On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved o...

CVE-2025-34264 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via dog/{agentId}

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

CVE-2025-34264

Advantech WISE-DeviceOn Server (pre-5.4) is vulnerable to an authenticated stored XSS via the /rmm/v1/dog/{agentId} endpoint. When a user adds/edits Software Watchdog rules for an agent, the monitored process name is stored in a settings array and rendered in the Software Watchdog UI without prop...

EUVD-2025-201433

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/dog/agentId endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in the settings array and...

EUVD-2025-177424

Malicious code in optimize-theta-process-cluster-dog npm...

EUVD-2025-179278

Malicious code in dog-water-double-sudo-export npm...

EUVD-2025-177532

Malicious code in notify-zero-abstract-old-dog npm...

EUVD-2025-178903

Malicious code in final-dog-throw-resolve-short npm...

EUVD-2025-180488

Malicious code in air-easy-dog-float-interface npm...

EUVD-2025-176213

Malicious code in static-stub-dog-epsilon-final npm...

EUVD-2025-179684

Malicious code in cold-dog-module-notify-good npm...

EUVD-2025-177019

Malicious code in promise-dog-link-authorize-boolean npm...