Date Index - April 2026 - CPANSec CVE announcements

08 Apr 2026 05:51 UTC CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id Robert Rothenberg
08 Apr 2026 05:56 UTC CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids Robert Rothenberg
10 Apr 2026 21:45 UTC CVE-2026-40198: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass Stig Palmquist
10 Apr 2026 21:53 UTC CVE-2026-40199: Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass Stig Palmquist
13 Apr 2026 07:00 UTC CVE-2026-5085: Solstice::Session versions through 1440 for Perl generates session ids insecurely Robert Rothenberg
13 Apr 2026 22:57 UTC CVE-2026-5086: Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks Robert Rothenberg
15 Apr 2026 07:06 UTC CVE-2026-5088: Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts Robert Rothenberg
21 Apr 2026 15:28 UTC CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow Robert Rothenberg
21 Apr 2026 15:36 UTC CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt Robert Rothenberg
23 Apr 2026 07:36 UTC CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking Stig Palmquist
27 Apr 2026 12:31 UTC CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters Robert Rothenberg
28 Apr 2026 23:53 UTC CVE-2026-40560: Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence Timothy Legge
29 Apr 2026 14:29 UTC CVE-2026-7111: Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption Stig Palmquist
29 Apr 2026 22:15 UTC CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting Robert Rothenberg
30 Apr 2026 11:52 UTC CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely Robert Rothenberg