17598 matches found
CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...
CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle
Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...
CVE-2026-60082 DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent...
CVE-2026-60082
The CVE-2026-60082 issue affects Perl DBI prior to 1.651, where the statement handle consistency with the row is not enforced. If the statement handle has no fields but the source row is non-empty, the internal row-buffer helper could read from a negative array index. This can be triggered when a...
CVE-2026-60081
The provided data indicate a memory‑consumption risk in DBI::ProfileData prior to version 1.651 for Perl. The issue arises from an unbounded path index in profile dump files, which can be used to allocate an excessively large array and exhaust memory. Affected component: DBI::ProfileData (Perl). ...
CVE-2026-60081 DBI::ProfileData versions before 1.651 for Perl do not limit the path index
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory...
CVE-2026-15392 DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location
DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The completetablename method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any...
perl-DBI security update
An update is available for perl-DBI. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DBI is a database access Application Programming Interface API for the Perl...
RLSA-2026:38513 Important: perl-DBI security update
DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. Security Fixes: DBI: DBI: Buffer overfl...
RLSA-2026:38512 Important: perl-DBI security update
DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used. Security Fixes: DBI: DBI: Buffer overfl...
perl-DBI security update
An update is available for perl-DBI. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DBI is a database access Application Programming Interface API for the Perl...
SUSE-SU-2026:2962-1 Security update for perl-libwww-perl
This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: LWP: UserAgent: Authorization and Proxy-Authorization headers are leaked on cross-origin redirects bsc1265156...
RHSA-2026:38901 Red Hat Security Advisory: perl-DBI:1.641 security update
Bulletin has no description...
RHSA-2026:38512 Red Hat Security Advisory: perl-DBI security update
Bulletin has no description...
CVE-2026-15043
CVE-2026-15043 affects DBI::SQL::Nano (versions 1.42–1.650.x) for Perl. In the non-numeric string branch of is_matched, the = with Perl's le, causing inverted = comparisons in WHERE predicates. This occurs in the fallback SQL engine used by DBI's file-backed drivers (e.g., DBD::File, DBD::DBM, CS...
SUSE-SU-2026:2950-1 Security update for perl-HTML-Parser
This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...
SUSE-SU-2026:2948-1 Security update for perl-HTML-Parser
This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...
MGASA-2026-0251 Updated perl-Socket packages fix security vulnerability
Socket versions before 2.041 for Perl have an out-of-bounds heap read. CVE-2026-12087...
EUVD-2026-43573
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...
EUVD-2026-43574
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...