Lucene search
K

22 matches found

NVD
NVD
added 2026/06/04 5:16 p.m.9 views

CVE-2026-46741

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

7.5CVSS0.00262EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:54 p.m.5 views

CVE-2026-46741

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 3:54 p.m.41 views

CVE-2026-46741

Etsy::StatsD for Perl (versions up to 1.002002) is affected by metric injection due to unvalidated metric names and values containing newlines, colons, or pipes. The issue can allow an attacker to inject additional statsd metrics when metrics are generated from untrusted sources, with the Git rep...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 3:54 p.m.36 views

CVE-2026-46741 Etsy::StatsD versions through 1.002002 for Perl allow metric injections

Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...

0.00262EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:45 p.m.8 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 12:30 a.m.16 views

EUVD-2026-34188

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46264

Name of the Vulnerable Software and Affected Versions Net::Statsd versions prior to 0.13 Description Net::Statsd for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This allows metrics generated from untrusted sources to inject additional stats...

5.3CVSS5.4AI score0.00258EPSS
Exploits0References14
CVE
CVE
added 2026/06/03 11:45 p.m.19 views

CVE-2026-8722

Net::Async::Statsd::Client (Perl) is affected up to version 0.005. The issue arises from unvalidated metric names that may contain newlines, colons, or pipes, allowing metric injections. No exploitation details are provided in the documents, and no remediation version is specified here; upgrading...

6.5CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/03 11:45 p.m.45 views

CVE-2026-8722 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 1:56 p.m.11 views

CVE-2026-46719

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 2:16 p.m.15 views

CVE-2026-46719

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...

6.5CVSS0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41426

Name of the Vulnerable Software and Affected Versions Net::Statsd::Lite versions prior to 0.9.0 Description Net::Statsd::Lite for Perl allows metric injections because metric names are not validated for newlines, colons, or pipes. This enables metrics generated from untrusted sources to inject...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2026/05/11 1:57 p.m.10 views

PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

Summary PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. Details This issue affec...

6.3CVSS6AI score0.00216EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/08 1:33 p.m.16 views

CVE-2026-44337

PraisionAI across versions 2.4.1–4.6.34 exposes optional SQL/CQL-backed knowledge-store backends that derive table and index identifiers from unvalidated collection names. This can enable SQL/CQL injection when applications pass untrusted collection names into these backends. The issue is fixed i...

6.3CVSS5.8AI score0.00216EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:33 p.m.6 views

CVE-2026-44337

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...

6.3CVSS5.8AI score0.00216EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/08 1:33 p.m.10 views

EUVD-2026-28640

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...

6.3CVSS5.8AI score0.00216EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39004

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.4.1 through 4.6.33 Description PraisonAI is a multi-agent teams system that exposes optional SQL/CQL-backed knowledge-store implementations. These implementations build table and index identifiers using unvalidated name an...

6.3CVSS5.9AI score0.00216EPSS
Exploits1References5
OSV
OSV
added 2026/05/05 7:27 p.m.4 views

GHSA-FR8X-3VFX-F45H gix and gitoxide: unvalidated submodule name traverses out of .git/modules and redirects state() / open() to another repository

Summary attachments: pocs.zip Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as: /modules/ Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git...

8.7CVSS5.9AI score
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/25 12:0 a.m.4 views

CVE-2025-70952

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

7.5CVSS5.4AI score0.00856EPSS
Exploits1
NVD
NVD
added 2025/11/12 5:15 p.m.4 views

CVE-2025-52331

Cross-site scripting XSS vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...

6.1CVSS0.00268EPSS
Exploits0References3
Rows per page
Query Builder