3954 matches found

RedhatCVE
added 2026/06/03 11:40 a.m. | 6 views

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted input that begins with a UTF-8 Byte Order Mark (BOM). When a decode filter callback encounters an error with...

CVSS 7.5 | AI score 5.8 | EPSS 0.00608
Exploits 0 | References 2

RedhatCVE
added 2026/06/03 11:40 a.m. | 8 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted JSON input with duplicate object keys. When the dupkeys_as_arrayref option is enabled, the decode_hv function incorrectly processes the input, leading ...

CVSS 7.3 | AI score 5.8 | EPSS 0.00412
Exploits 0 | References 2

NVD
added 2026/06/03 1:16 a.m. | 12 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests SvTYPE (old_value) != SVt_RV && SvTYP...

CVSS 7.3 | EPSS 0.00412
Exploits 0 | References 3

NVD
added 2026/06/03 1:16 a.m. | 12 views

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...

CVSS 7.5 | EPSS 0.00608
Exploits 0 | References 3

Vulnrichment
added 2026/06/03 12:15 a.m. | 9 views

CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...

AI score 5.9 | EPSS 0.00608
Exploits 0 | References 2

ATTACKERKB
added 2026/06/03 12:15 a.m. | 5 views

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...

AI score 5.9 | EPSS 0.00608
Exploits 0 | References 3

EUVD
added 2026/06/03 12:15 a.m. | 8 views

EUVD-2026-34061

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...

CVSS 7.5 | AI score 5.9 | EPSS 0.00608
Exploits 0 | References 2

CVE
added 2026/06/03 12:15 a.m. | 19 views

CVE-2026-9516

CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...

CVSS 7.5 | AI score 5.9 | EPSS 0.00608
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/06/03 12:15 a.m. | 9 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests SvTYPE (old_value) != SVt_RV && SvTYP...

AI score 5.8 | EPSS 0.00412
Exploits 0 | References 2

CVE
added 2026/06/03 12:15 a.m. | 21 views

CVE-2026-9334

Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...

CVSS 7.3 | AI score 5.8 | EPSS 0.00412
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2026/06/03 12:15 a.m. | 6 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests SvTYPE (old_value) != SVt_RV && SvTYP...

AI score 5.8 | EPSS 0.00412
Exploits 0 | References 3

EUVD
added 2026/06/03 12:15 a.m. | 10 views

EUVD-2026-34060

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests SvTYPE (old_value) != SVt_RV && SvTYP...

CVSS 7.3 | AI score 5.8 | EPSS 0.00412
Exploits 0 | References 2

Cvelist
added 2026/06/03 12:15 a.m. | 37 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv collapses duplicate object keys into an array reference under dupkeys_as_arrayref. The branch reached for a duplicate key tests SvTYPE (old_value) != SVt_RV && SvTYP...

EPSS 0.00412
Exploits 0 | References 2

Positive Technologies
added 2026/06/03 12:0 a.m. | 11 views

PT-2026-45892

Name of the Vulnerable Software and Affected Versions: Cpanel::JSON::XS versions prior to 4.41. Description: An issue exists where providing input prefixed with a UTF-8 Byte Order Mark (BOM) can lead to a denial of service. When the decode_json function processes a 3-byte UTF-8 BOM, it advances the...

CVSS 7.5 | AI score 5.4 | EPSS 0.00608
Exploits 0 | References 12

CNNVD
added 2026/06/03 12:0 a.m. | 2 views

Cpanel::JSON::XS security vulnerability

Cpanel::JSON::XS is a tool developed by RURBAN personal developers that converts Perl data structures into JSON format. Versions of Cpanel::JSON::XS prior to version 4.41 contained security vulnerabilities. These vulnerabilities stemmed from exceptions thrown during the decoding filter callback,...

CVSS 7.5 | AI score 5.3 | EPSS 0.00608
Exploits 0 | References 3

CNNVD
added 2026/06/03 12:0 a.m. | 4 views

Cpanel::JSON::XS security vulnerability

Cpanel::JSON::XS is a tool developed by RURBAN for converting Perl data structures into JSON format. Versions of Cpanel::JSON::XS prior to version 4.41 contained security vulnerabilities. These vulnerabilities stemmed from the use of dupkeys_as_arrayref, which led to type confusion when repeated...

CVSS 7.3 | AI score 5.3 | EPSS 0.00412
Exploits 0 | References 3

OSV
added 2026/06/03 12:0 a.m. | 5 views

OPENSUSE-SU-2026:10950-1 perl-Cpanel-JSON-XS-4.410.0-1.1 on GA media

These are all security issues fixed in the perl-Cpanel-JSON-XS-4.410.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00608
Exploits 0 | References 2

VulnCheck KEV
added 2026/06/01 12:0 a.m. | 7 views

VulnCheck KEV: CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

CVSS 8.5 | AI score 5.3 | EPSS 0.00654
In wild | Exploits 3 | References 5

GithubExploit
added 2026/05/27 12:16 a.m. | 107 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 — WHM/cPanel Exploit Tool Linux ⚠️ DISCL...

CVSS 9.8 | AI score 6 | EPSS 0.90543
Exploits 63

Positive Technologies
added 2026/05/27 12:0 a.m. | 16 views

PT-2026-43619

Name of the Vulnerable Software and Affected Versions: protobufjs (affected versions not specified). Description: An issue exists where the software could recurse without a depth limit during the conversion of decoded messages to plain objects or JSON. This specifically affects the generated toObject...

CVSS 7.5 | AI score 5.9
Exploits 0 | References 6