Lucene search
K

17336 matches found

OSV
OSV
added 2026/07/02 12:0 a.m.3 views

OPENSUSE-SU-2026:11179-1 perl-List-SomeUtils-XS-0.590.0-1.1 on GA media

These are all security issues fixed in the perl-List-SomeUtils-XS-0.590.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.9AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.8 views

CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS0.00663EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:4 p.m.5 views

CVE-2026-58038

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

5.8AI score0.0024EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:4 p.m.12 views

CVE-2026-58038

The CVE-2026-58038 entry describes a Stored XSS vulnerability in the Wikimedia Foundation timeline component, caused by improper neutralization of input during web page generation. The issue concerns files including Timeline.Php and scripts/EasyTimeline.Pl and affects timeline builds prior to the...

5.8AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:38 p.m.28 views

CVE-2025-15646

HTML::Gumbo for Perl before 0.19 is vulnerable to heap memory disclosure via type confusion when parsing documents containing a element. The issue arises because libgumbo’s walk_tree was not updated to support , causing the element to be treated as a text node and enabling strlen() over-read of ...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 12:3 p.m.3 views

RLSA-2026:30856 Important: perl-Archive-Tar security update

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...

8.2CVSS7.3AI score0.0043EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 12:3 p.m.3 views

RLSA-2026:30859 Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2026/07/01 11:4 a.m.9 views

CVE-2026-56016

A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generateid method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...

7.4CVSS5.7AI score0.00322EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/07/01 8:6 a.m.3 views

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

...

7.5CVSS5.9AI score0.00309EPSS
Exploits0
CVE
CVE
added 2026/07/01 6:46 a.m.17 views

CVE-2026-56016

CVE-2026-56016 (CGI::Session::ID::md5) affects Perl CGI::Session versions before 4.49. The vulnerable code path uses generate_id to build a session id from a MD5 digest of the process ID, epoch time, and rand(), all low-entropy/predictable sources. This enables an attacker to predict session IDs ...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 6:46 a.m.35 views

CVE-2026-56016 CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand function. All three are predictable, low-entropy sources: the PID i...

0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 12:0 a.m.2 views

OPENSUSE-SU-2026:11168-1 perl-CGI-Session-4.490.0-1.1 on GA media

These are all security issues fixed in the perl-CGI-Session-4.490.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-56016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources. The generateid method builds the session id from ...

5.9CVSS6AI score0.00322EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 11:20 a.m.31 views

CVE-2026-13766 DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

0.0035EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:20 a.m.6 views

EUVD-2026-40295

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 11:20 a.m.20 views

CVE-2026-13766

Summary: CVE-2026-13766 affects DBIx::QuickORM prior to 0.000026 for Perl. The default SQL builder (SQL::Abstract subclass) does not set quote_char, causing unquoted identifiers (order_by, where keys, field/returning lists, upsert columns, join aliases) to be emitted verbatim and fed into the SQL...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 11:5 a.m.6 views

EUVD-2026-40291

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:5 a.m.12 views

CVE-2026-57081

CVE-2026-57081 affects Net::BitTorrent for Perl up to version 2.0.1. The root cause is unbounded recursion in the bdecode decoder: each nested list/dictionary level causes a recursive call that copies the remaining input buffer, producing O(N^2) memory growth for deeply nested inputs. In practice...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:5 a.m.6 views

CVE-2026-57081

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:5 a.m.6 views

EUVD-2026-40290

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder