Lucene search
+L

764 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57075

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-44965

HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read. Note that t...

6.1AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-44963

HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...

6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-60081

A flaw was found in DBI::ProfileData, a Perl module. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a specially crafted input. The flaw exists because the software does not properly limit the path index when processing profile dump files, which can lead to...

7.5CVSS6.1AI score0.0063EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-14380

A flaw was found in the DBI component for Perl. This vulnerability allows an attacker to inject and execute arbitrary code by manipulating the Profile attribute of a DBI handle. When a string is assigned to this attribute, the component processes it without proper validation, enabling the executi...

8.8CVSS6.5AI score0.00498EPSS
Exploits0References6
CVE
CVE
added 3 days ago15 views

CVE-2026-15043

CVE-2026-15043 affects DBI::SQL::Nano (versions 1.42–1.650.x) for Perl. In the non-numeric string branch of is_matched, the = with Perl's le, causing inverted = comparisons in WHERE predicates. This occurs in the fallback SQL engine used by DBI's file-backed drivers (e.g., DBD::File, DBD::DBM, CS...

9.8CVSS6.1AI score0.00513EPSS
Exploits0References4
OSV
OSV
added 3 days ago2 views

SUSE-SU-2026:2950-1 Security update for perl-HTML-Parser

This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...

7.5CVSS6.1AI score0.0031EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43574

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

6.2AI score0.00222EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

0.00222EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

MGASA-2026-0244 Updated perl-List-SomeUtils-XS packages fix security vulnerability

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. CVE-2026-12844...

7.5CVSS6.1AI score0.00419EPSS
Exploits0References4
Fedora
Fedora
added 5 days ago7 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/07/09 3:9 a.m.9 views

SUSE CVE-2026-14740

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

6.5CVSS6.1AI score0.00407EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 3:16 p.m.3 views

ALPINE-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 2:55 p.m.3 views

CVE-2026-49146 App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 12:30 p.m.5 views

CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References7
Fedora
Fedora
added 2026/07/08 1:10 a.m.7 views

[SECURITY] Fedora 43 Update: perl-Compress-Raw-Bzip2-2.218-1.fc43

This module provides a Perl interface to the bzip2 compression library. It is used by IO::Compress::Bzip2...

7.8CVSS5.9AI score0.00373EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-14895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace...

7.5CVSS6.1AI score0.00392EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/07 10:5 p.m.4 views

CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...

6.1AI score0.00413EPSS
Exploits0References3
Rows per page
Query Builder