Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
14 articles

#Perl

All CosmicBytez Labs articles tagged #Perl, across news, security advisories, how-to guides, and projects.

  • SecurityJul 14, 2026

    CVE-2026-13221: Perl Regex Trie Overflow Produces Silent Incorrect Matches

    A critical flaw in Perl through 5.43.9 causes regex alternations with more than 65,535 branches to silently produce incorrect matches, potentially bypassing security filters that rely on regex validation.

  • SecurityJul 14, 2026

    CVE-2026-57433: Perl Storable Signed Integer Overflow in SX_HOOK Deserialization

    A CVSS 9.8 signed integer overflow in Perl's Storable module (before 3.41) allows a crafted SX_HOOK record to wrap an I32_MAX item count to -1, corrupting heap memory and potentially enabling remote code execution.

  • SecurityJul 8, 2026

    CVE-2011-10043: Perl Module::Load Arbitrary Module Injection Resurfaces

    A decade-old CVSS 9.8 flaw in Perl's Module::Load (before 0.22) allows attackers to load arbitrary modules outside @INC via '::'-prefixed names. Now...

  • SecurityJun 23, 2026

    CVE-2026-9733: Mojolicious OAuth2 Weak PRNG Enables CSRF Session Hijacking

    A critical flaw in the Mojolicious::Plugin::Web::Auth::OAuth2 Perl module uses a predictable SHA-1 state derived from epoch time and rand(), allowing...

  • SecurityJun 10, 2026

    CVE-2009-10007: Catalyst::Plugin::Authentication Session Fixation

    CVSS 9.1 session fixation flaw in Perl's Catalyst auth plugin (before 0.10_027) lets attackers impersonate authenticated users by pre-planting a known...

  • SecurityMay 27, 2026

    CVE-2026-8450: HTTP::Daemon Perl OS Command Injection via send_file()

    OS command injection (CVSS 9.1) in Perl's HTTP::Daemon lets attackers run arbitrary commands via magic prefix abuse in send_file's two-arg open().

  • SecurityMay 18, 2026

    CVE-2026-8507: Crypt::OpenSSL::PKCS12 Heap OOB Write — CVSS

    A critical heap out-of-bounds write vulnerability in Crypt::OpenSSL::PKCS12 for Perl (versions through 1.94) can be triggered by parsing a malformed...

  • SecurityApr 30, 2026

    CVE-2026-7381: Plack::Middleware::XSendfile

    A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...

  • SecurityApr 22, 2026

    CVE-2017-20230: Perl Storable Stack Overflow — CVSS 10.0

    A stack overflow vulnerability in Perl's Storable module (versions before 3.05) stems from a signed/unsigned integer mismatch in retrieve_hook(), enabling...

  • SecurityApr 22, 2026

    CVE-2025-15638: Net::Dropbear Bundles Vulnerable

    Net::Dropbear versions before 0.14 for Perl ship with Dropbear 2019.78 or earlier, which includes libtomcrypt v1.18.1 — a library affected by two known...

  • SecurityApr 9, 2026

    CVE-2026-25776: Movable Type Critical Code Injection (CVSS

    Six Apart's Movable Type CMS contains a critical code injection vulnerability allowing unauthenticated attackers to execute arbitrary Perl scripts on...

  • SecurityApr 1, 2026

    CVE-2025-15618: Perl Payment Module Uses Insecure

    Business::OnlinePayment::StoredTransaction through version 0.01 for Perl generates its secret key using an MD5 hash of a single rand() call — a...

  • SecurityMar 30, 2026

    CVE-2026-4176: Perl Compress::Raw::Zlib Critical

    Perl versions 5.9.4 through 5.43.8 ship a vulnerable Compress::Raw::Zlib core module that inherits CVE-2026-3381 from a vendored zlib dependency. CVSS 9.8...

  • SecurityMar 17, 2026

    CVE-2026-4177: YAML::Syck Heap Buffer Overflow Enables

    A critical heap buffer overflow in YAML::Syck for Perl allows remote code execution through crafted YAML input that exceeds the 512-byte class name...