Lucene search
+L

626 matches found

osv
osv
added 2026/07/08 12:6 p.m.2 views

RLSA-2026:36189 Important: perl-HTTP-Daemon security update

The perl-HTTP-Daemon package includes the HTTP::Daemon class, a subclass of IO::Socket::IP. Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. Security Fixes: perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in...

8.1CVSS6.4AI score0.01452EPSS
Exploits0References2
redhat
redhat
added 2026/07/07 9:55 a.m.7 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
redhat
redhat
added 2026/07/07 9:54 a.m.5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
osv
osv
added 2026/07/07 12:0 a.m.4 views

ALSA-2026:36188 Important: perl-HTTP-Daemon security update

The perl-HTTP-Daemon package includes the HTTP::Daemon class, a subclass of IO::Socket::IP. Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. Security Fixes: perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in...

9.1CVSS6.4AI score0.01452EPSS
Exploits0References4
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-436 SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely. A patch is available on the master branch of the repository...

9.3CVSS7.3AI score0.01398EPSS
Exploits1References7
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-541 Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7.3AI score0.0118EPSS
Exploits0References5
osv
osv
added 2026/06/20 6:49 a.m.3 views

OPENSUSE-SU-2026:21119-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP: Daemon versions before 6.17 for Perl allow OS command injection via sendfile bsc1266370...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References2
nessus
nessus
added 2026/06/20 12:0 a.m.7 views

Fedora 44 : perl-HTTP-Daemon (2026-8982379b5c)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8982379b5c advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...

9.1CVSS6.1AI score0.01452EPSS
Exploits0References2
nessus
nessus
added 2026/06/20 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2442-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2442-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description...

9.1CVSS6AI score0.01452EPSS
Exploits0References4
nessus
nessus
added 2026/06/20 12:0 a.m.7 views

SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...

9.1CVSS6AI score0.01452EPSS
Exploits0References4
osv
osv
added 2026/06/16 7:57 a.m.4 views

SUSE-SU-2026:2408-1 Security update for perl-HTTP-Daemon

This update for perl-HTTP-Daemon fixes the following issues: - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370...

9.1CVSS5.2AI score0.01452EPSS
Exploits0References3
nessus
nessus
added 2026/06/08 12:0 a.m.14 views

Amazon Linux 2 : perl-HTTP-Daemon, --advisory ALAS2-2026-3341 (ALAS-2026-3341)

The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3341 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with...

9.1CVSS5.6AI score0.01452EPSS
Exploits0References4
euvd
euvd
added 2026/05/27 4:22 a.m.14 views

EUVD-2026-32050

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

9.1CVSS5.8AI score0.01452EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/27 4:22 a.m.7 views

CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

5.8AI score0.01452EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/27 4:22 a.m.45 views

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

0.01452EPSS
Exploits0References3
nessus
nessus
added 2026/05/27 12:0 a.m.34 views

Linux Distros Unpatched Vulnerability : CVE-2026-8450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form...

9.1CVSS6AI score0.01452EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 10:49 a.m.9 views

CVE-2022-31575

The duducosmos/livropython repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01293EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 10:48 a.m.10 views

CVE-2022-31548

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01242EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 10:48 a.m.18 views

CVE-2022-31584

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01293EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 10:48 a.m.8 views

CVE-2022-31531

The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01242EPSS
Exploits1References1
Rows per page
Query Builder