
90 matches found

Cvelist
added 14 hours ago, 8 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from an MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

Exploits: 0, References: 2
RedHat Linux
added 2 days ago, 7 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00292
Exploits: 2, References: 6
CVE
added 2026/06/22 11:28 a.m., 14 views

CVE-2026-11373

Summary of CVE-2026-11373 (Net::Statsite::Client): The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00352
Exploits: 0, References: 6
Vulnrichment
added 2026/06/12 1:19 p.m., 8 views

CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

AI score: 5.2, EPSS: 0.00319
Exploits: 0, References: 3
SUSE Linux
added 2026/06/09 2:33 p.m., 7 views

Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue: CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences (bsc1264715). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS: 8.2, AI score: 5.4, EPSS: 0.00531
Exploits: 0, References: 4
EUVD
added 2026/06/09 7:34 a.m., 12 views

EUVD-2009-5128

Catalyst::Plugin::Authentication versions before 0.10027 for Perl are susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after authentication. An attacker that obtains a session id cookie can use this to impersonate the victim...

CVSS: 9.1, AI score: 5.5, EPSS: 0.00369
Exploits: 0, References: 4
Positive Technologies
added 2026/06/09 12:0 a.m., 12 views

PT-2026-47705

Name of the Vulnerable Software and Affected Versions: DBI versions prior to 1.648. Description: Error messages returned when RaiseError, PrintError, or HandleError are enabled are written to a 200-byte buffer that lacks a length limit. Attackers capable of influencing the error text within an...

CVSS: 9.8, AI score: 5.7, EPSS: 0.00413
Exploits: 0, References: 21
OSV
added 2026/06/06 10:16 a.m., 5 views

UBUNTU-CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl are vulnerable to an HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb"). The headersdecode method materialises a full key+value copy per indexe...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00414
Exploits: 0, References: 7
RedhatCVE
added 2026/06/05 7:46 p.m., 10 views

CVE-2026-46473

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00416
Exploits: 0, References: 1
Positive Technologies
added 2026/06/04 12:0 a.m., 12 views

PT-2026-46135

Name of the Vulnerable Software and Affected Versions: HTML::Entities versions prior to 3.84. Description: The XS routine supporting decode_entities caches a pointer repl to the entity-value SV returned by hv_fetch on the entity2char hash. If the input SV is identical to a value SV in that hash and...

CVSS: 7.5, AI score: 5.4, EPSS: 0.0031
Exploits: 0, References: 23
Debian CVE
added 2026/05/27 3:12 a.m., 10 views

CVE-2026-48962

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00292
Exploits: 2
Tenable Nessus
added 2026/05/26 12:0 a.m., 10 views

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00311
Exploits: 0, References: 6
ATTACKERKB
added 2026/05/20 10:8 p.m., 7 views

CVE-2026-47372

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

AI score: 5.8, EPSS: 0.00397
Exploits: 0, References: 3
EUVD
added 2026/05/20 12:31 a.m., 17 views

EUVD-2026-30995

Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

AI score: 6, EPSS: 0.00282
Exploits: 0, References: 4
CVE
added 2026/05/19 9:30 p.m., 49 views

CVE-2026-5090

The CVE concerns Template::Plugin::HTML for Perl, affecting versions up to and including 3.102. The root cause is that html_filter fails to escape single quotes, allowing HTML attributes delimited by single quotes to be injected with limited HTML/JavaScript. For example, in , a value like var = "...

CVSS: 6.1, AI score: 6, EPSS: 0.00282
Exploits: 0, References: 3
Mageia
added 2026/05/18 7:12 p.m., 10 views

Updated perl-YAML-Syck package fixes security vulnerability

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read...

CVSS: 7.3, AI score: 5.8, EPSS: 0.00333
Exploits: 0, References: 3
Cvelist
added 2026/05/17 6:51 p.m., 42 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncate passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

EPSS: 0.00447
Exploits: 0, References: 1
Positive Technologies
added 2026/05/17 12:0 a.m., 12 views

PT-2026-41582

Name of the Vulnerable Software and Affected Versions: Crypt::OpenSSL::PKCS12 versions prior to 1.95. Description: An out-of-bounds write flaw exists when parsing a PKCS12 file containing an OCTET STRING or BIT STRING attribute on a SAFEBAG of 1 GiB or larger. This issue is triggered via the info or...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00648
Exploits: 0, References: 13
NVD
added 2026/05/15 6:16 p.m., 27 views

CVE-2026-46474

Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

CVSS: 7.5, EPSS: 0.00316
Exploits: 0, References: 3
Cvelist
added 2026/05/11 6:37 a.m., 58 views

CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generate the session id insecurely

WebDyne::Session versions through 2.075 for Perl generate the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

EPSS: 0.00304
Exploits: 0, References: 3