Lucene search
K

140 matches found

Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS6AI score0.00392EPSS
Exploits0
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55751

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/30 11:4 a.m.5 views

EUVD-2026-40288

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:42 p.m.15 views

CVE-2026-13758

CVE-2026-13758 affects CryptX for Perl versions before 0.088_001. The vulnerability stems from a non-constant-time comparison of AEAD authentication tags in the streaming decrypt_done path, using memNE (memcmp() != 0). The run time varies with the number of matching leading bytes across all five ...

3.7CVSS5.8AI score0.00295EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 9:16 a.m.7 views

UBUNTU-CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 7:41 p.m.2 views

OPENSUSE-SU-2026:21045-1 Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: authorization and proxy-authorization headers are leaked on cross-origin redirects bsc1265156...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Debian dla-4639 : libhttp-daemon-perl - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4639 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4639-1 [email protected]...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References5
OSV
OSV
added 2026/06/20 2:16 a.m.6 views

UBUNTU-CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6AI score0.00354EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/19 1:10 a.m.10 views

[SECURITY] Fedora 43 Update: perl-HTTP-Daemon-6.17-1.fc43

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

9.1CVSS5.2AI score0.01452EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/17 8:2 a.m.7 views

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer

...

9.8CVSS5.8AI score0.00376EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : perl-XML-LibXML (SUSE-SU-2026:2324-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2324-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing...

7.5CVSS5.5AI score0.00531EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 2:41 p.m.34 views

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:16 p.m.7 views

UBUNTU-CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 1:19 p.m.8 views

EUVD-2017-18978

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.2AI score0.00319EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 1:49 p.m.8 views

USN-8419-1 libhttp-daemon-perl vulnerability

It was discovered that HTTP-Daemon incorrectly handled untrusted input under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary commands, create or overwrite arbitrary files, or expose sensitive information...

9.1CVSS5.9AI score0.01452EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 8:58 a.m.11 views

USN-8418-1 libcrypt-saltedhash-perl vulnerability

It was discovered that Crypt-SaltedHash incorrectly generated salts using a cryptographically weak pseudo-random number generator. An attacker could possibly use this issue to predict generated salts, leading to a weakening of cryptographic protections...

9.1CVSS5.3AI score0.00397EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:33 p.m.6 views

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.4AI score0.00531EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : perl-libwww-perl, --advisory ALAS2-2026-3325 (ALAS-2026-3325)

The version of perl-libwww-perl installed on the remote host is prior to 6.05-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3325 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects...

6.5CVSS5.5AI score0.00266EPSS
Exploits0References4
Amazon
Amazon
added 2026/06/08 12:0 a.m.15 views

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

6.5CVSS5.5AI score0.00266EPSS
Exploits0
Rows per page
Query Builder