Lucene search
+L

17753 matches found

Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60771

Name of the Vulnerable Software and Affected Versions libpvestorage-perl version 9.1.1 libpve-storage-perl version 8.3.7 Description An XML External Entity XXE flaw exists in the storage Perl components of Proxmox VE. This issue stems from insecure XML parsing caused by improper parser...

9.8CVSS5.4AI score0.003EPSS
Exploits0References3
OSV
OSV
added 2 days ago6 views

UBUNTU-CVE-2026-57074

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

9.1CVSS5.4AI score0.00403EPSS
Exploits0References6
NVD
NVD
added 3 days ago9 views

CVE-2026-57075

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

9.1CVSS0.00394EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...

0.00149EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-57077

Affected software: YAML::Syck (Perl) before version 1.47. Vulnerability: out-of-bounds read via an unbounded newline scan in newline_len during block-scalar lexing at a document boundary, dereferencing scan pointers and the following byte of a "\r\n" pair without a NUL-terminator or bounds check....

7.7CVSS6.1AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...

7.7CVSS5.3AI score0.0023EPSS
Exploits0References7
OSV
OSV
added 3 days ago4 views

CVE-2026-57076 YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS5.4AI score0.00129EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-57076 YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

0.00394EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-57075

CVE-2026-57075 affects YAML::Syck before 1.47 for Perl. The base64 decoder syck_base64dec indexes a 256-entry table with a signed char, so any !!binary byte >= 0x80 sign-extends to a negative index and causes an out-of-bounds read from the table, leading to information exposure if a crafted YA...

9.1CVSS6.1AI score0.00394EPSS
Exploits0References3
OSV
OSV
added 3 days ago5 views

CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

9.1CVSS5.3AI score0.00394EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

0.00141EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-13713

CVE-2026-13713 affects YAML::Syck versions before 1.47 (Perl). A use-after-free and double-free occurs when an anchor is redefined while still on the parser value stack, due to how syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node. The freed node may still be live on the value stack,...

6.2CVSS6.1AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

6.2CVSS5.3AI score0.00141EPSS
Exploits0References7
NVD
NVD
added 3 days ago7 views

CVE-2026-13401

XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...

7.5CVSS0.00388EPSS
Exploits0References3
NVD
NVD
added 3 days ago10 views

CVE-2026-13397

HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parsercparse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "" or unbalanced quotes "" can...

7.5CVSS0.00393EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-3031 Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library

Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project...

0.00402EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-3031

CVE-2026-3031 concerns Image::EPEG for Perl, which bundles an outdated Epeg library (Epeg 0.9.0, last updated 2004) and includes through version 0.15. Root cause is embedding an unsupported version of Epeg; affected component is Image::EPEG (Perl). CVSS3.1 base score is 9.8 with CRITICAL impact (...

9.8CVSS6.1AI score0.00402EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-57074 XML::Bare versions through 0.53 for Perl have an unbounded character lookahead

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

0.00403EPSS
Exploits0References2
Rows per page
Query Builder