Lucene search
K

142 matches found

Rockylinux
Rockylinux
added 2026/07/08 12:6 p.m.4 views

perl-HTTP-Daemon security update

An update is available for perl-HTTP-Daemon. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The perl-HTTP-Daemon package includes the HTTP::Daemon class, a...

9.1CVSS6.5AI score0.01452EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/07/08 12:4 p.m.5 views

perl-HTTP-Daemon security update

An update is available for perl-HTTP-Daemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The perl-HTTP-Daemon package includes the HTTP::Daemon class, a...

9.1CVSS6.5AI score0.01452EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/07/08 6:0 a.m.5 views

perl-HTTP-Daemon security update

An update is available for perl-HTTP-Daemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The perl-HTTP-Daemon package includes the HTTP::Daemon class, a...

9.1CVSS6.5AI score0.01452EPSS
Exploits0
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-749 Path Traversal in scout-browser

Scout is a Variant Call Format VCF visualization interface. The Pypi package scout-browser is vulnerable to path traversal due to sendfile call in versions prior to 4.52...

6.8CVSS5.9AI score0.01296EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/06/24 8:55 p.m.57 views

CVE-2026-45687 Rocket.Chat: Authenticated Arbitrary Data Export Theft via Mass Assignment in sendFileMessage

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method passes the entire attacker-supplied file object into Uploads.updateFileComplete, which merges it...

8.5CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:55 p.m.13 views

CVE-2026-45687

CVE-2026-45687 affects Rocket.Chat prior to fixed versions (8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, 7.10.11). The issue lies in the sendFileMessage DDP path, where the attacker-provided file object is passed to Uploads.updateFileComplete and merged into a MongoDB $set via Object.assign ...

8.5CVSS5.9AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2026/06/20 6:49 a.m.2 views

SUSE-SU-2026:22187-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP: Daemon versions before 6.17 for Perl allow OS command injection via sendfile bsc1266370...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Fedora 43 : perl-HTTP-Daemon (2026-f276b2154e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f276b2154e advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...

9.1CVSS6.1AI score0.01452EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 7:24 a.m.4 views

SUSE-SU-2026:2442-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References3
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Important: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or...

9.1CVSS5.5AI score0.01452EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2023 : perl-HTTP-Daemon, perl-HTTP-Daemon-tests (ALAS2023-2026-1794)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1794 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd...

9.1CVSS5.6AI score0.01452EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.13 views

CVE-2026-8450

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6AI score0.01452EPSS
Exploits0References6
OSV
OSV
added 2026/05/29 5:12 a.m.13 views

MGASA-2026-0157 Updated perl-HTTP-Daemon package fixes a security vulnerability

The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/29 5:12 a.m.20 views

Updated perl-HTTP-Daemon package fixes a security vulnerability

The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:58 a.m.11 views

SUSE CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

8.1CVSS5.8AI score0.01452EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/05/27 5:16 a.m.20 views

CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 5:16 a.m.18 views

UBUNTU-CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/27 4:22 a.m.11 views

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

5.8AI score0.01452EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 4:22 a.m.120 views

CVE-2026-8450

CVE-2026-8450 affects HTTP::Daemon before 6.17 (Perl). The vulnerability allows OS command execution via the send_file() function, which opens its string argument with Perl’s 2-arg open(). The 2-arg form supports magic prefixes: “| cmd” and “cmd |” to pipe to a subprocess, and “> path”/“>&g...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References11
OSV
OSV
added 2026/05/27 4:22 a.m.2 views

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

9.1CVSS5.9AI score0.01452EPSS
Exploits0References15
Rows per page
Query Builder