Search CVE reports


Toggle filters

1 – 10 of 349 results


CVE-2026-15747

Medium priority
Needs evaluation

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token generates and caches one token per session and returns the same value on...

1 affected package

libmojolicious-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libmojolicious-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-60082

Medium priority
Needs evaluation

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-60081

Medium priority
Needs evaluation

DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-15392

Medium priority
Needs evaluation

DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-15043

Medium priority
Needs evaluation

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-58102

Medium priority
Needs evaluation

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts. When building the extension hash (via extensions(), extensions_by_long_name(),...

1 affected package

libcrypt-openssl-x509-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcrypt-openssl-x509-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-58101

Medium priority
Needs evaluation

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3_EXT_d2i(ext) returns NULL when an extension's DER value fails to parse. basicC, ia5string, and auth_att dereference...

1 affected package

libcrypt-openssl-x509-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libcrypt-openssl-x509-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-57433

Medium priority
Needs evaluation

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SX_HOOK record. retrieve_hook_common reads a signed 32-bit item count from an SX_HOOK record and calls av_extend with that count...

1 affected package

perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-57432

Medium priority
Needs evaluation

Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow...

1 affected package

perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-13221

Medium priority
Needs evaluation

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk. When such branches are combined into a...

1 affected package

perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages