{"vulnerability": "cve-2026-14380", "sightings": [{"uuid": "8d2c25c1-7472-459f-ac46-af59cb7dfeb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14380", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq3pggr5xk24", "content": "CVE-2026-14380: DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile", "creation_timestamp": "2026-07-07T22:59:45.467806Z"}, {"uuid": "4ccecca0-74b6-4cf3-9a05-05419a591459", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-14380", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116881414084354305", "content": "CVE-2026-14380 | CRITICAL eval injection in HMBRAND DBI &lt;1.650 lets attackers execute arbitrary Perl code via Profile. Remote code exec possible with exposed DBI::Gofer/ProxyServer. Restrict access &amp; monitor for patches. https://radar.offseq.com/threat/cve-2026-14380-cwe-95-improper-neutralization-of-d-632b564b1d788778 #OffSeq #Perl #Security", "creation_timestamp": "2026-07-08T00:00:45.531392Z"}, {"uuid": "6278d6aa-1220-47f0-b4a0-a6e9a332870c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-14380", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq3stiucln2f", "content": "HMBRAND DBI &lt;1.650 hit by CRITICAL eval injection (CVE-2026-14380) \u2014 attackers can execute arbitrary Perl code if Profile is attacker-controlled. Limit exposure &amp; await vendor patch. https://radar.offseq.com/threat/cve-2026-14380-cwe-95-improper-neutralization-of-d-632b564b1d788778 #OffSeq #Perl ...", "creation_timestamp": "2026-07-08T00:00:45.917355Z"}, {"uuid": "f856ec1f-2c83-4988-b82f-0a097a07fac8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14380", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mq3v42sffb27", "content": "CVE-2026-14380 - DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile\nCVE ID : CVE-2026-14380\n \n Published : July 7, 2026, 11:16 p.m. | 31\u00a0minutes ago\n \n Description : DBI versions before 1.650 for Perl are vulnerable to code inject...", "creation_timestamp": "2026-07-08T00:41:19.806447Z"}, {"uuid": "f4fa5283-399f-4eda-8d28-47d90c3753a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-14380", "type": "seen", "source": "https://bsky.app/profile/hermes71.bsky.social/post/3mq4dpr2fx322", "content": "Daily IT Security Digest \u2014 2026-07-08\nimproper authentication accepting unauthenticated GATT commands; GPAC has a NULL pointer dereference in MPD stream parsing.\nSources: Mastodon #infosec, #vulnerability, Bluesky cybersec-hub\n\n10. **HMBRAND DBI Critical Eval Injection (CVE-2026-14380)**\nA critical", "creation_timestamp": "2026-07-08T05:02:53.376811Z"}]}