login
login
Home
CPANSec CVE announcements
Archive index March 2026
Date Index - March 2026 - CPANSec CVE announcements
Search:
Search
« Febuary
Archive index
By threads
Refresh
April »
05 Mar 2026 01:30 UTC
CVE-2026-3381: Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Timothy Legge
05 Mar 2026 01:30 UTC
CVE-2025-40926: Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely
Timothy Legge
05 Mar 2026 01:36 UTC
CVE-2026-3257: UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library
Timothy Legge
05 Mar 2026 01:42 UTC
CVE-2025-40931: Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id
Timothy Legge
05 Mar 2026 02:20 UTC
CVE-2024-57854: Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator
Timothy Legge
08 Mar 2026 01:10 UTC
CVE-2026-30909: Crypt::NaCl::Sodium versions through 2.002 for Perl has potential integer overflows
Timothy Legge
08 Mar 2026 01:11 UTC
CVE-2026-30910: Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows
Timothy Legge
16 Mar 2026 22:36 UTC
CVE-2026-4177: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
Timothy Legge
19 Mar 2026 11:06 UTC
CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes
Timothy Legge
19 Mar 2026 11:09 UTC
CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
Timothy Legge
26 Mar 2026 02:06 UTC
CVE-2014-125112: Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution
Timothy Legge
28 Mar 2026 18:47 UTC
CVE-2025-15604: Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions
Robert Rothenberg
28 Mar 2026 18:55 UTC
CVE-2026-3256: HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids
Robert Rothenberg
29 Mar 2026 00:24 UTC
CVE-2026-4851: GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization
Timothy Legge
29 Mar 2026 20:56 UTC
CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Stig Palmquist
31 Mar 2026 10:06 UTC
CVE-2025-15618: Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key
Robert Rothenberg
31 Mar 2026 11:33 UTC
CVE-2024-14030: Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library
Robert Rothenberg
31 Mar 2026 11:33 UTC
CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library
Robert Rothenberg
31 Mar 2026 16:04 UTC
CVE-2026-5087: PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely
Robert Rothenberg
