Search CVE reports


Toggle filters

1 – 10 of 338 results


CVE-2026-14454

Medium priority
Needs evaluation

(Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry co ...)

1 affected package

libimager-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libimager-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-14895

Medium priority
Needs evaluation

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s*$//u. Because \s* matches greedily and the $ anchor fails...

1 affected package

libstring-util-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libstring-util-perl Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2026-14740

Medium priority
Needs evaluation

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-14739

Medium priority
Needs evaluation

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-14380

Medium priority
Needs evaluation

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the...

1 affected package

libdbi-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libdbi-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-7017

Medium priority
Needs evaluation

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb`...

2 affected packages

libhttp-tiny-perl, perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libhttp-tiny-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2011-10043

Medium priority
Needs evaluation

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence...

1 affected package

perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
perl Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2026-14803

Medium priority
Needs evaluation

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no...

1 affected package

libmojolicious-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libmojolicious-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-13708

Medium priority
Needs evaluation

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in i_readjpeg_wiol. i_readjpeg_wiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a...

1 affected package

libimager-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libimager-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-13705

Medium priority
Needs evaluation

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in read_rgb_16_rle. read_rgb_16_rle guards each literal run with if (count > data_left),...

1 affected package

libimager-perl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libimager-perl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages