[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-15043":6},{"stargazers_count":4,"fetched_at":5},7,"2026-07-14T15:01:22.736Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":24,"related":25,"reserved_at":9,"published_at":26,"modified_at":27,"state":28,"summary":29,"references_raw":36,"kevs":51,"epss":9,"epss_history":52,"metrics":53,"affected":58},"CVE-2026-15043","DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted \u003C= and >= SQL operators on text.\n\nDBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the is_matched method, \u003C= was evaluated using Perl's ge operator, and >= was evaluated using Perl's le operator.\n\nSQL::Nano is the fallback query engine for DBI's file-backed drivers (DBD::File, DBD::DBM, CSV-style drivers) whenever SQL::Statement is not installed, and is forced whenever DBI_SQL_NANO=1. Queries over such tables use these predicates directly.\n\nThe impact depends on the context. Where an application relies on a WHERE clause to filter file-backed data for policy or authorization, an inverted \u003C=/>= comparison silently returns the wrong rows.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-480","Use of Incorrect Operator","The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.","weakness","Draft","Base","Low",[],[],[],[],[],[],[],"2026-07-14T09:44:25.733Z","2026-07-14T14:16:12.284Z","PUBLISHED",{"cisa_kev":30,"cisa_ransomware":30,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":31,"severity_score":32,"severity_version":33,"severity_source":34,"severity_vector":35,"severity_status":28},false,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[37,42,47],{"url":38,"sources":39,"tags":40},"https://github.com/perl5-dbi/dbi/security/advisories/GHSA-mv45-ff6j-x9jp",[34],[41],"Vendor Advisory",{"url":43,"sources":44,"tags":45},"https://github.com/perl5-dbi/dbi/commit/e9742ef85a75867cbd696860e3bf3e32b681f98d.patch",[34],[46],"Patch",{"url":48,"sources":49,"tags":50},"http://www.openwall.com/lists/oss-security/2026/07/14/9",[34],[],[],[],[54],{"source":34,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":55,"cvss_v4_0":9},{"baseScore":32,"baseSeverity":56,"vectorString":35,"impactScore":32,"exploitabilityScore":57},"CRITICAL",10,[59],{"ecosystem":9,"name":60,"vendor":61,"product":62,"cpe_part":63,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":64},"DBI::SQL::Nano","hmbrand","dbi::sql::nano","a",[65],{"version":66,"is_range":67,"range_type":34,"version_start":68,"version_start_type":69,"version_end":70,"version_end_type":71,"fixed_in":9},">= 1.42, \u003C 1.651",true,"1.42","including","1.651","excluding"]