All CosmicBytez Labs articles tagged #Perl, across news, security advisories, how-to guides, and projects.
A critical flaw in Perl through 5.43.9 causes regex alternations with more than 65,535 branches to silently produce incorrect matches, potentially bypassing security filters that rely on regex validation.
A CVSS 9.8 signed integer overflow in Perl's Storable module (before 3.41) allows a crafted SX_HOOK record to wrap an I32_MAX item count to -1, corrupting heap memory and potentially enabling remote code execution.
A decade-old CVSS 9.8 flaw in Perl's Module::Load (before 0.22) allows attackers to load arbitrary modules outside @INC via '::'-prefixed names. Now...
A critical flaw in the Mojolicious::Plugin::Web::Auth::OAuth2 Perl module uses a predictable SHA-1 state derived from epoch time and rand(), allowing...
CVSS 9.1 session fixation flaw in Perl's Catalyst auth plugin (before 0.10_027) lets attackers impersonate authenticated users by pre-planting a known...
OS command injection (CVSS 9.1) in Perl's HTTP::Daemon lets attackers run arbitrary commands via magic prefix abuse in send_file's two-arg open().
A critical heap out-of-bounds write vulnerability in Crypt::OpenSSL::PKCS12 for Perl (versions through 1.94) can be triggered by parsing a malformed...
A critical CVSS 9.1 vulnerability in Plack::Middleware::XSendfile versions through 1.0053 allows remote attackers to control the X-Sendfile-Type header,...
A stack overflow vulnerability in Perl's Storable module (versions before 3.05) stems from a signed/unsigned integer mismatch in retrieve_hook(), enabling...
Net::Dropbear versions before 0.14 for Perl ship with Dropbear 2019.78 or earlier, which includes libtomcrypt v1.18.1 — a library affected by two known...
Six Apart's Movable Type CMS contains a critical code injection vulnerability allowing unauthenticated attackers to execute arbitrary Perl scripts on...
Business::OnlinePayment::StoredTransaction through version 0.01 for Perl generates its secret key using an MD5 hash of a single rand() call — a...
Perl versions 5.9.4 through 5.43.8 ship a vulnerable Compress::Raw::Zlib core module that inherits CVE-2026-3381 from a vendored zlib dependency. CVSS 9.8...
A critical heap buffer overflow in YAML::Syck for Perl allows remote code execution through crafted YAML input that exceeds the 512-byte class name...