Leiweibau Pi.Alert vulnerabilities
3 known vulnerabilities affecting leiweibau/pi.alert.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-44887P2CRITICALCVSS 9.8fixed in 2026-05-072026-05-27
CVE-2026-44887 [CRITICAL] CWE-94 CVE-2026-44887: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Aler
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the de
nvd
CVE-2026-44888P2CRITICALCVSS 9.8fixed in 2026-05-072026-05-27
CVE-2026-44888 [CRITICAL] CWE-94 CVE-2026-44888: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Aler
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into
pialert.conf without validation. Since pialert.conf is loaded via Python's exec() every 3–5 minutes by the
background cron process, an attacker c
nvd
CVE-2026-44886P3HIGHCVSS 8.7v>= 2024-06-29, < 2026-05-072026-05-27
CVE-2026-44886 [HIGH] CWE-89 CVE-2026-44886: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 20
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then in
nvd