CVE-2026-45191

Net::CIDR::Lite (Perl) is affected in versions before 0.24. The flaw is in CIDR mask handling: extraneous zero characters in masks are not properly validated, causing /00 and /01 (and other zero-padded forms) to pass validation and be parsed to the same prefix as the unpadded value, potentially a...

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

MiracleLinux 8 : perl-CPAN-2.18-402.el8_10 (AXSA:2025-9982:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9982:02 advisory. perl-CPAN: Bypass of verification of signatures in CHECKSUMS files CVE-2020-16156 Tenable has extracted the preceding description block directly from the...

EUVD-2012-6003

Malware in sbrugna...

EUVD-2010-1198

Malware in sbrugna...

EUVD-2014-1937

Malware in sbrugna...

EUVD-2013-7246

Malware in sbrugna...

EUVD-2025-18132

Malicious code in bioql PyPI...

Amazon Linux 2 : perl-Module-ScanDeps (ALAS-2025-2738)

The version of perl-Module-ScanDeps installed on the remote host is prior to 1.10-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2738 advisory. Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local...

USN-4534-1 libdbi-perl vulnerability

It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information...

UBUNTU-CVE-2017-10789

The DBD::mysql module through 4.043 for Perl uses the mysqlssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in 1 CGI.pm before 3.50 and 2 Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...