16622 matches found
DEBIAN-CVE-2026-8829
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
CVE-2026-8829
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
SUSE CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
EUVD-2026-34194
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
CVE-2026-8829
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
CVE-2026-8829
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...
EUVD-2026-34188
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-8647
A flaw was found in perl-Crypt-ScryptKDF. The randombytes function in versions through 0.010 uses an insecure random number source when no cryptographically secure pseudorandom number generator CSPRNG module is available. This occurs because the function falls back to using the built-in rand...
PT-2026-46135
HTML::Entities versions before 3.84 for Perl read freed heap memory in decode entities. The XS routine backing HTML::Entities:: decode entities cached a pointer repl into the entity-value SV returned by hv fetch on the entity2char hash. When the input SV was identical to a value SV in that hash,...
CVE-2026-8722 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
CVE-2026-8722
Net::Async::Statsd::Client (Perl) has a vulnerability up to version 0.005 where metric names are not validated for newlines, colons, or pipes. This allows untrusted sources to inject additional statsd metrics, enabling metric injection. The issue is documented in several sources (NVD, CVE list) a...
CVE-2026-8722
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
USN-8378-1 libwww-perl vulnerability
It was discovered that libwww-perl incorrectly handled redirects. A remote attacker could possibly use this issue to obtain sensitive information by causing Authorization headers to be sent to a different host...
CVE-2026-9334
A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...
CVE-2026-42496
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...
CVE-2026-9516
CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...