CVE-2026-5090 affects Template::Plugin::HTML versions through 3.102 for Perl. According to the published description, the module's html_filter function did not escape single quotes, which means data placed into HTML attributes delimited by single quotes could break out of the attribute and inject limited HTML or JavaScript. The issue is narrower than full raw HTML injection because angle brackets, ampersa [truncated]
CVE-2006-10003 is an off-by-one heap buffer overflow vulnerability in the st_serial_stack function of XML::Parser versions up to 2.47 for Perl. The bug occurs when parsing an XML file with very deep element nesting and can lead to a critical CVSS score of 9.8. The issue arises from the incorrect handling of stack expansion when the stack pointer equals the stack size minus one. This CVE was officially pub [truncated]
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. Additionally, the base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occ [truncated]