Lucene search
+L

160 matches found

CVE
CVE
added 3 days ago10 views

CVE-2026-3031

CVE-2026-3031 concerns Image::EPEG for Perl, which bundles an outdated Epeg library (Epeg 0.9.0, last updated 2004) and includes through version 0.15. Root cause is embedding an unsupported version of Epeg; affected component is Image::EPEG (Perl). CVSS3.1 base score is 9.8 with CRITICAL impact (...

9.8CVSS6.1AI score0.0017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60594

Name of the Vulnerable Software and Affected Versions YAML::Syck versions prior to 1.47 Description A heap use-after-free occurs when an anchor name is reused as an anchors-table key in the syck hdlr add anchor function. In the bundled libsyck, an anchor name allocated by syck strndup is stored a...

7.8CVSS5.2AI score0.00186EPSS
Exploits0References7
OSV
OSV
added 4 days ago3 views

RHSA-2026:39547 Red Hat Security Advisory: perl-XML-LibXML security update

Bulletin has no description...

7.5CVSS6.1AI score0.00629EPSS
Exploits0References9
OSV
OSV
added 5 days ago2 views

SUSE-SU-2026:2962-1 Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: LWP: UserAgent: Authorization and Proxy-Authorization headers are leaked on cross-origin redirects bsc1265156...

6.5CVSS6.1AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 6 days ago5 views

UBUNTU-CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

UBUNTU-CVE-2026-57433

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

9.8CVSS6.2AI score0.00345EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/10 12:54 a.m.6 views

[SECURITY] Fedora 44 Update: perl-DBI-1.650-1.fc44

DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used...

9.8CVSS5.9AI score0.00498EPSS
Exploits0
OSV
OSV
added 2026/07/08 3:16 p.m.2 views

DEBIAN-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 3:16 p.m.4 views

UBUNTU-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/07 10:12 p.m.8 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS6AI score0.00392EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/07 5:41 p.m.46 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

0.0026EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 5:41 p.m.6 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References10
OSV
OSV
added 2026/07/05 1:30 a.m.6 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55751

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References10
OSV
OSV
added 2026/06/30 11:4 a.m.3 views

CVE-2026-57080 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in processmessages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receivedata appends every inbound byte to th...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 11:4 a.m.5 views

EUVD-2026-40288

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:42 p.m.18 views

CVE-2026-13758

CVE-2026-13758 affects CryptX for Perl versions before 0.088_001. The vulnerability stems from a non-constant-time comparison of AEAD authentication tags in the streaming decrypt_done path, using memNE (memcmp() != 0). The run time varies with the number of matching leading bytes across all five ...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 9:16 a.m.7 views

UBUNTU-CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 7:41 p.m.3 views

OPENSUSE-SU-2026:21045-1 Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: authorization and proxy-authorization headers are leaked on cross-origin redirects bsc1265156...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Debian dla-4639 : libhttp-daemon-perl - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4639 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4639-1 [email protected]...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References5
Rows per page
Query Builder