Lucene search
+L

17598 matches found

cvelist
cvelist
added 2 days ago23 views

CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

0.00152EPSS
Exploits0References2
osv
osv
added 2 days ago2 views

CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

9.1CVSS6.1AI score0.00152EPSS
Exploits0References7
cvelist
cvelist
added 2 days ago29 views

CVE-2026-60082 DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent...

0.00209EPSS
Exploits0References3
cve
cve
added 2 days ago10 views

CVE-2026-60082

The CVE-2026-60082 issue affects Perl DBI prior to 1.651, where the statement handle consistency with the row is not enforced. If the statement handle has no fields but the source row is non-empty, the internal row-buffer helper could read from a negative array index. This can be triggered when a...

9.1CVSS6.1AI score0.00209EPSS
Exploits0References4
cve
cve
added 2 days ago11 views

CVE-2026-60081

The provided data indicate a memory‑consumption risk in DBI::ProfileData prior to version 1.651 for Perl. The issue arises from an unbounded path index in profile dump files, which can be used to allocate an excessively large array and exhaust memory. Affected component: DBI::ProfileData (Perl). ...

7.5CVSS6.1AI score0.00209EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago28 views

CVE-2026-60081 DBI::ProfileData versions before 1.651 for Perl do not limit the path index

DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory...

0.00209EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago28 views

CVE-2026-15392 DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location

DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The completetablename method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any...

0.00205EPSS
Exploits0References3
rocky
rocky
added 2 days ago6 views

perl-DBI security update

An update is available for perl-DBI. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DBI is a database access Application Programming Interface API for the Perl...

9.8CVSS6.5AI score0.00452EPSS
Exploits0
osv
osv
added 2 days ago3 views

RLSA-2026:38513 Important: perl-DBI security update

DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. Security Fixes: DBI: DBI: Buffer overfl...

8.2CVSS6.5AI score0.00452EPSS
Exploits0References2
osv
osv
added 2 days ago3 views

RLSA-2026:38512 Important: perl-DBI security update

DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. Security Fixes: DBI: DBI: Buffer overfl...

8.2CVSS6.5AI score0.00452EPSS
Exploits0References2
rocky
rocky
added 2 days ago5 views

perl-DBI security update

An update is available for perl-DBI. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DBI is a database access Application Programming Interface API for the Perl...

9.8CVSS6.5AI score0.00452EPSS
Exploits0
osv
osv
added 2 days ago2 views

SUSE-SU-2026:2962-1 Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: LWP: UserAgent: Authorization and Proxy-Authorization headers are leaked on cross-origin redirects bsc1265156...

6.5CVSS6.1AI score0.00266EPSS
Exploits0References3
osv
osv
added 2 days ago3 views

RHSA-2026:38901 Red Hat Security Advisory: perl-DBI:1.641 security update

Bulletin has no description...

8.2CVSS6.1AI score0.00452EPSS
Exploits0References14
osv
osv
added 2 days ago3 views

RHSA-2026:38512 Red Hat Security Advisory: perl-DBI security update

Bulletin has no description...

8.2CVSS6.1AI score0.00452EPSS
Exploits0References9
cve
cve
added 2 days ago15 views

CVE-2026-15043

CVE-2026-15043 affects DBI::SQL::Nano (versions 1.42–1.650.x) for Perl. In the non-numeric string branch of is_matched, the = with Perl's le, causing inverted = comparisons in WHERE predicates. This occurs in the fallback SQL engine used by DBI's file-backed drivers (e.g., DBD::File, DBD::DBM, CS...

9.8CVSS6.1AI score0.00513EPSS
Exploits0References4
osv
osv
added 2 days ago2 views

SUSE-SU-2026:2950-1 Security update for perl-HTML-Parser

This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...

7.5CVSS6.1AI score0.0031EPSS
Exploits0References3
osv
osv
added 2 days ago2 views

SUSE-SU-2026:2948-1 Security update for perl-HTML-Parser

This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...

7.5CVSS6.1AI score0.0031EPSS
Exploits0References3
osv
osv
added 2 days ago6 views

MGASA-2026-0251 Updated perl-Socket packages fix security vulnerability

Socket versions before 2.041 for Perl have an out-of-bounds heap read. CVE-2026-12087...

9.1CVSS6.1AI score0.00389EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-43573

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

6.1AI score0.00212EPSS
Exploits0References3
euvd
euvd
added 2 days ago5 views

EUVD-2026-43574

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

6.2AI score0.00222EPSS
Exploits0References3
Rows per page
Query Builder