| 03 May 2025 10:16 UTC |
CVE-2024-58135: Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets |
Breno Oliveira |
| 03 May 2025 16:13 UTC |
CVE-2024-58134: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default |
Breno Oliveira |
| 16 May 2025 13:07 UTC |
CVE-2025-40907: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library |
Stig Palmquist |
| 16 May 2025 15:19 UTC |
CVE-2025-40906: BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities |
Stig Palmquist |
| 27 May 2025 21:21 UTC |
CVE-2025-40911: Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses |
Stig Palmquist |
| 30 May 2025 00:53 UTC |
CVE-2020-36846: IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library |
Timothy Legge |
| 30 May 2025 12:24 UTC |
CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths |
Stig Palmquist |
