Lucene search
K

17336 matches found

CVE
CVE
added 2 days ago9 views

CVE-2026-14895

Summary: CVE-2026-14895 affects String::Util for Perl, versions before 1.36. The vulnerability arises in trim() and rtrim(), which strip trailing whitespace using a greedy regex (\s*$) that can cause quadratic backtracking on long whitespace runs, leading to CPU exhaustion. Root cause: regex back...

7.5CVSS6AI score0.00188EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

6AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-14895 String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

0.00188EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS6AI score0.00188EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-14740

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

6AI score0.00187EPSS
Exploits0References4
CVE
CVE
added 2 days ago12 views

CVE-2026-14740

DBI for Perl before 1.650 is affected by CVE-2026-14740. The vulnerability is rooted in the preparse() function, where deleting an initial SQL comment during SQL normalization causes an out-of-bounds read by one byte. Impact is a fault on memory-hardened builds and nondeterministic newline retent...

9.1CVSS6AI score0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

0.00187EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-14740

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

9.1CVSS6AI score0.00187EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14739

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References4
CVE
CVE
added 2 days ago11 views

CVE-2026-14739

CVE-2026-14739 affects DBI for Perl; versions before 1.650 are vulnerable to a heap overflow during preparsing of SQL statements with an extremely large number of placeholders. The fix in DBI 1.650 introduces a hard limit of 99,999 placeholders, addressing the prior memory allocation issue that c...

9.8CVSS6.1AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...

0.00187EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2 days ago5 views

CVE-2026-14739

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...

9.8CVSS6.1AI score0.00187EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

6.3AI score0.00237EPSS
Exploits0References4
CVE
CVE
added 2 days ago10 views

CVE-2026-14380

DBI for Perl prior to 1.650 is vulnerable to code execution via the Profile attribute. When a string is assigned to Profile, DBI splits it into path, package and arguments and interpolates the package name in a string eval without validating the package, allowing attacker-controlled input from DB...

6.3AI score0.00237EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

0.00237EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

6.3AI score0.00237EPSS
Exploits0
NVD
NVD
added 2 days ago6 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS0.0026EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

0.0026EPSS
Exploits0References5
NVD
NVD
added 2 days ago8 views

CVE-2011-10043

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

9.8CVSS0.00429EPSS
Exploits0References3
OSV
OSV
added 2 days ago7 views

ROOT-OS-DEBIAN-12-CVE-2026-8376 CVE-2026-8376 in rootio-perl - Patched by Root

Root has patched CVE-2026-8376 in the rootio-perl package for Root:Debian:12. Multiple fixed versions available...

9.8CVSS5.8AI score0.00398EPSS
Exploits1
Rows per page
Query Builder