Lucene search
K

78 matches found

NVD
NVD
added 2026/07/04 6:16 p.m.9 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

8.1CVSS0.00172EPSS
Exploits0References5
CVE
CVE
added 2026/07/04 5:58 p.m.16 views

CVE-2026-12740

Summary: CVE-2026-12740 affects Plack::Middleware::OAuth for Perl up to version 0.10. The core issue is lack of OAuth 2.0 state parameter handling, enabling login CSRF. Specifically, RequestTokenV2 builds the authorization redirect without a state value, and AccessTokenV2 exchanges the callback c...

8.1CVSS5.9AI score0.00172EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/04 5:58 p.m.7 views

CVE-2026-12740

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

5.9AI score0.00172EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/04 5:58 p.m.34 views

CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session...

0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.16 views

PT-2026-55718

Name of the Vulnerable Software and Affected Versions Plack::Middleware::OAuth versions prior to 0.11 Description Plack::Middleware::OAuth for Perl fails to support the OAuth 2.0 state parameter. The RequestTokenV2 function builds the provider authorization redirect without issuing a state value,...

8.1CVSS5.9AI score0.00172EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/07 2:59 p.m.15 views

CVE-2026-9658

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

7.3CVSS5.4AI score0.00226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

5.3CVSS5.4AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 1:16 p.m.21 views

CVE-2026-9658

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

7.3CVSS0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 11:36 a.m.37 views

CVE-2026-9658 Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 11:36 a.m.16 views

CVE-2026-9658 Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

5.8AI score0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Plack::Middleware::Security::Common 安全漏洞

Plack::Middleware::Security::Common is a Perl web application security header middleware developed by RRWO’s individual developers. Versions of Plack::Middleware::Security::Common prior to 0.13.1 contained security vulnerabilities. These vulnerabilities stemmed from ineffective header injection...

7.3CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44368

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /pathr HTTP/1.1r Host:...

5.8AI score0.00226EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 8:16 p.m.17 views

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

5.3CVSS0.00219EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 7:10 p.m.43 views

CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

0.00219EPSS
Exploits0References2
CVE
CVE
added 2026/05/10 7:10 p.m.20 views

CVE-2026-45179

CVE-2026-45179 affects Plack::Middleware::Statsd for Perl, with versions before 0.9.0 potentially leaking user IP addresses if the statsd channel is not secured (e.g., UDP to a different network). Since 0.9.0, IPs are no longer logged unless configured; when configured, an HMAC signature of the I...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/10 7:10 p.m.10 views

EUVD-2026-28995

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

5.8AI score0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/10 7:10 p.m.7 views

CVE-2026-45179

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

5.8AI score0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/10 7:10 p.m.20 views

CVE-2026-45179 Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses

Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' IP addresses may be leaked. Since version 0.9.0, the IP address is no...

5.8AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.16 views

PT-2026-39533

Name of the Vulnerable Software and Affected Versions Plack::Middleware::Statsd versions prior to 0.9.0 Description Plack::Middleware::Statsd for Perl may leak user IP addresses. This occurs if the communication channel to the statsd daemon is not secured, such as when sending UDP packets to a ho...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.10 views

Plack::Middleware::Statsd 安全漏洞

Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References1
Rows per page
Query Builder