cbcvebase.

Leiweibau Pi.Alert vulnerabilities

3 known vulnerabilities affecting leiweibau/pi.alert.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1

Vulnerabilities

Page 1 of 1
CVE-2026-44887P2CRITICALCVSS 9.8fixed in 2026-05-072026-05-27
CVE-2026-44887 [CRITICAL] CWE-94 CVE-2026-44887: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Aler Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the de
nvd
CVE-2026-44888P2CRITICALCVSS 9.8fixed in 2026-05-072026-05-27
CVE-2026-44888 [CRITICAL] CWE-94 CVE-2026-44888: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Aler Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec() every 3–5 minutes by the background cron process, an attacker c
nvd
CVE-2026-44886P3HIGHCVSS 8.7v>= 2024-06-29, < 2026-05-072026-05-27
CVE-2026-44886 [HIGH] CWE-89 CVE-2026-44886: Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 20 Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then in
nvd
Leiweibau Pi.Alert vulnerabilities | cvebase