Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.17 views

CVE-2026-9270

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

9.1CVSS5.5AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-39890

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS6.4AI score0.0058EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 2:49 p.m.10 views

EUVD-2026-34846

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

8.2CVSS5.5AI score0.00344EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:49 p.m.7 views

CVE-2026-9270

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

5.5AI score0.00331EPSS
Exploits0References4
CVE
CVE
added 2026/06/05 2:49 p.m.74 views

CVE-2026-9270

DataDog::DogStatsd for Perl (up to version 0.07) is vulnerable to metric injections due to insufficient input sanitization in the send_stats pathway. The stat name is not stripped of newlines, enabling prefix manipulation; the value (delta) is not validated, allowing injection via set/gauge/count...

9.1CVSS5.5AI score0.00331EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:55 a.m.15 views

Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/08 9:17 p.m.3 views

CVE-2026-39890

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS0.0058EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31457

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.115 Description PraisonAI's AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags like !!js/function and !!js/undefined. This allows an attacker to...

9.8CVSS6.6AI score0.0058EPSS
Exploits0References12
Rows per page
Query Builder