Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: The denominator “cbppipes” must not be 0; it is checked before being used. WHAT & HOW The denominator cannot be 0, and is checked before being used. This fix addresses two “DIVIDEBYZERO” issues reported by...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “pipe: wakeup wrwait after setting maxusage” The commit c73be61cede5 “pipe: Add general notification queue support” introduced a regression that could cause pipes with resized sizes to become locked under certain conditions. See...

ALPINE-CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

📄 FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation

This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...

CVE-2026-50637 Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the name...

CVE-2026-11362

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The formatevent method used by the event method does not validate the content of the tags, whi...

CVE-2026-11362 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The formatevent method used by the event method does not validate the content of the tags, whi...

CVE-2026-11362

DataDog::DogStatsd for Perl versions through 0.07 is vulnerable to metric injections via event tags. The root cause is the format_event method not validating tag content, allowing commas, newlines, pipes and colons in tags; an ineffective pipe-removal attempt (s/|//g) due to unescaped pipe being ...

FIFOFox: Windows Named-Pipe Security Auditor and Fuzzer

FIFOFox is a Windows named-pipe security assessment tool for identifying weak pipe permissions, pipe-squatting exposure, and named-pipe impersonation attack paths. It combines passive auditing with authorized active testing, including fuzzing and interception-style capture, to help defenders find...

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

EUVD-2026-34188

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

PT-2026-46265

Name of the Vulnerable Software and Affected Versions Etsy::StatsD versions prior to 1.002002 Description Etsy::StatsD for Perl allows metric injections because metric names and values are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject...

Net::Statsd::Lite 安全漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.13 contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in...

CVE-2026-8722

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

CVE-2026-8722

Net::Async::Statsd::Client (Perl) is affected up to version 0.005. The issue arises from unvalidated metric names that may contain newlines, colons, or pipes, allowing metric injections. No exploitation details are provided in the documents, and no remediation version is specified here; upgrading...

Acer NitroSense 安全漏洞

Acer NitroSense is a gaming device performance management software developed by Acer of Taiwan, China. Versions of Acer NitroSense prior to 3.01.3052 contained security vulnerabilities. These vulnerabilities stemmed from the PSAdminAgent service creating named pipes with weak access control lists...

CVE-2026-46720

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

CVE-2026-46740

The CVE affects Mojolicious::Plugin::Statsd up to version 0.04 for Perl, where metric names/values could be injected via untrusted sources due to unvalidated newlines/colons/pipes. The issue arises in the metrics pipeline; as of version 0.06, the module was changed to use a separate statsd client...