VYPR
Vendor

Rrwo

Products
10
CVEs
17
Across products
18
Status
Private

Products

10

Recent CVEs

17
  • CVE-2026-47372CriMay 20, 2026
    risk 0.52cvss 9.1epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

  • CVE-2026-49941HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a…

  • CVE-2026-9658HigMay 28, 2026
    risk 0.47cvss 7.3epss 0.00

    Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET…

  • CVE-2026-46720HigMay 17, 2026
    risk 0.46cvss 8.2epss 0.00

    Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

  • CVE-2026-47373HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.00

    Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.

  • CVE-2026-7040HigApr 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for…

  • CVE-2026-49942HigJun 4, 2026
    risk 0.40cvss 7.3epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, which were ignored. This could allow network masks to accept larger networks. …

  • CVE-2026-8788HigMay 18, 2026
    risk 0.40cvss 7.3epss 0.00

    Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a…

  • CVE-2026-49940MedJun 4, 2026
    risk 0.35cvss 6.5epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

  • CVE-2026-46719MedMay 16, 2026
    risk 0.35cvss 6.5epss 0.00

    Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

  • CVE-2025-40911MedMay 27, 2025
    risk 0.35cvss 6.5epss 0.00

    Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can…

  • CVE-2026-46740MedMay 26, 2026
    risk 0.27cvss 5.3epss 0.00

    Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the…

  • CVE-2026-45179MedMay 10, 2026
    risk 0.27cvss 5.3epss 0.00

    Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on another network), then users' IP addresses may be leaked. Since version…

  • CVE-2023-32318May 26, 2023
    risk 0.00cvss epss 0.00

    Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other…

  • CVE-2021-41233Mar 10, 2022
    risk 0.00cvss epss 0.01

    Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful…

  • CVE-2021-32766Sep 7, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case…

  • CVE-2021-32733Jul 12, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present in versions prior to 19.0.13, 20.0.11, and 21.0.3. The Nextcloud Text application shipped with Nextcloud server used a `text/html` Content-Type when…