Skip to main content

Text

9 CVEs product

Monthly

CVE-2026-8594 MEDIUM PATCH This Month

Resource amplification in Text::LineFold (Unicode-LineBreak Perl distribution, versions through 2019.001) causes output to be duplicated proportionally to the number of Unicode special line break characters present in the input string. The fold() method incorrectly passes the entire input string to the break() function on each segment iteration, rather than passing only the current segment, producing amplified output that grows with each VT, FF, or similar line break character encountered. No public exploit has been identified at time of analysis and EPSS sits at the 0th percentile, but any application accepting untrusted input and passing it through fold() is exposed to potential denial of service.

Denial Of Service Text
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-7111 HIGH PATCH This Week

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead. Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.

Buffer Overflow Text
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-7040 HIGH This Week

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minnify.

Buffer Overflow Text
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2022-32149 Go HIGH POC PATCH This Week

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Text
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-2328 HIGH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Text
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-2045 LOW Monitor

Vulnerability in the Oracle Text component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Text
NVD
CVSS 3.1
3.1
EPSS
0.9%
CVE-2020-14734 HIGH PATCH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Text
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-14040 Go HIGH PATCH This Week

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Text Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-3299 HIGH PATCH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Text
NVD
CVSS 3.0
8.2
EPSS
1.8%
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Resource amplification in Text::LineFold (Unicode-LineBreak Perl distribution, versions through 2019.001) causes output to be duplicated proportionally to the number of Unicode special line break characters present in the input string. The fold() method incorrectly passes the entire input string to the break() function on each segment iteration, rather than passing only the current segment, producing amplified output that grows with each VT, FF, or similar line break character encountered. No public exploit has been identified at time of analysis and EPSS sits at the 0th percentile, but any application accepting untrusted input and passing it through fold() is exposed to potential denial of service.

Denial Of Service Text
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead. Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.

Buffer Overflow Text
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minnify.

Buffer Overflow Text
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Text
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Text
NVD
EPSS 1% CVSS 3.1
LOW Monitor

Vulnerability in the Oracle Text component of Oracle Database Server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Text
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Text
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Text Fedora
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Text
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy