|
81
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirectiv…
New
|
CWE-791
CWE-1336
Incomplete Filtering of Special Elements
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-8740
|
2026-05-19 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
- |
|
-
|
-
|
Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation…
New
|
-
|
CVE-2026-26462
|
2026-05-19 02:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files.
Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8669
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
7.5 |
HIGH
Network
|
-
|
-
|
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-46474
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
7.3 |
HIGH
Network
|
-
|
-
|
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-8700
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-8704
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
- |
|
-
|
-
|
Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections.
The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject add…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46719
|
2026-05-19 02:40 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
8.2 |
HIGH
Network
|
-
|
-
|
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46720
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws.
When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on a SAFEBAG, via info(…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8507
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs.
Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to Sv…
New
|
CWE-170
Improper Null Termination
|
CVE-2026-8721
|
2026-05-19 02:40 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
