Every CVE whose affected-product data names Perl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2017-12814 — CVSS 9.8 (critical): Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on…
CVE-2026-8376 — CVSS 9.8 (critical): Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds…
CVE-2026-4176 — CVSS 9.8 (critical): Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of…
CVE-2018-18314 — CVSS 9.8 (critical): Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18312 — CVSS 9.8 (critical): Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18311 — CVSS 9.8 (critical): Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2015-8608 — CVSS 9.8 (critical): The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and…
CVE-2022-48522 — CVSS 9.8 (critical): In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege…
CVE-2018-6913 — CVSS 9.8 (critical): Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a…
CVE-2018-6797 — CVSS 9.8 (critical): An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over…
CVE-2018-18313 — CVSS 9.1 (critical): Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process…
CVE-2017-12883 — CVSS 9.1 (critical): Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote…
CVE-2020-10878 — CVSS 8.6 (high): Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular…
CVE-2024-56406 — CVSS 8.4 (high): A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development…
CVE-2020-10543 — CVSS 8.2 (high): Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer…
CVE-2023-31484 — CVSS 8.1 (high): CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
CVE-2023-31486 — CVSS 8.1 (high): HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where…
CVE-2016-6185 — CVSS 7.8 (high): The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local…
CVE-2023-47039 — CVSS 7.8 (high): A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find…
CVE-2017-12837 — CVSS 7.5 (high): Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote…
CVE-2018-12015 — CVSS 7.5 (high): In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite…
CVE-2012-5195 — CVSS 7.5 (high): Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before…
CVE-2015-8853 — CVSS 7.5 (high): The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to…
CVE-2020-12723 — CVSS 7.5 (high): regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2016-2381 — CVSS 7.5 (high): Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment…
CVE-2012-6329 — CVSS 7.5 (high): The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and…
CVE-2013-7422 — CVSS 7.5 (high): Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent…
CVE-2013-1667 — CVSS 7.5 (high): The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and…
CVE-2018-6798 — CVSS 7.5 (high): An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer…
CVE-2023-47038 — CVSS 7.0 (high): A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can…
CVE-1999-1386 — CVSS 5.5 (medium): Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via…
CVE-2011-2939 — CVSS 5.1 (medium): Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might…
CVE-2011-1487 — CVSS 5.0 (medium): The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11…
CVE-2012-1151 — CVSS 5.0 (medium): Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote…
CVE-2011-0761 — CVSS 5.0 (medium): Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging…
CVE-2010-1158 — CVSS 5.0 (medium): Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack…
CVE-2009-3626 — CVSS 5.0 (medium): Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid…
CVE-2008-1927 — CVSS 5.0 (medium): Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a…
CVE-2008-2827 — CVSS 4.6 (medium): The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local…
CVE-2005-3962 — CVSS 4.6 (medium): Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary…
CVE-2011-2728 — CVSS 4.3 (medium): The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service…
CVE-2010-4777 — CVSS 4.3 (medium): The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows…
CVE-2014-4330 — CVSS 2.1 (low): The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of…