login
login
Home
CPANSec CVE announcements
Archive index May 2025
Date Index - May 2025 - CPANSec CVE announcements
Search:
Search
« April
Archive index
By threads
Refresh
June »
03 May 2025 10:16 UTC
CVE-2024-58135: Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets
Breno Oliveira
03 May 2025 16:13 UTC
CVE-2024-58134: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default
Breno Oliveira
16 May 2025 13:07 UTC
CVE-2025-40907: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library
Stig Palmquist
16 May 2025 15:19 UTC
CVE-2025-40906: BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities
Stig Palmquist
27 May 2025 21:21 UTC
CVE-2025-40911: Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses
Stig Palmquist
30 May 2025 00:53 UTC
CVE-2020-36846: IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library
Timothy Legge
30 May 2025 12:24 UTC
CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths
Stig Palmquist
