Date Index - May 2026 - CPANSec CVE announcements
03 May 2026 00:58 UTC
CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Timothy Legge
06 May 2026 12:19 UTC
CVE-2026-5081: Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure
Robert Rothenberg
06 May 2026 12:38 UTC
CVE-2026-40562: Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Robert Rothenberg
08 May 2026 07:46 UTC
CVE-2013-10075: Apache::Session versions through 1.94 for Perl re-creates deleted sessions
Robert Rothenberg
08 May 2026 17:23 UTC
CVE-2026-6659: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts
Robert Rothenberg
10 May 2026 19:34 UTC
CVE-2026-45179: Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses
Robert Rothenberg
10 May 2026 20:08 UTC
CVE-2026-45180: Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids
Robert Rothenberg
10 May 2026 20:24 UTC
CVE-2026-45190: Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass
Stig Palmquist
10 May 2026 20:25 UTC
CVE-2026-45191: Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass
Stig Palmquist
10 May 2026 20:55 UTC
CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Stig Palmquist
11 May 2026 07:25 UTC
CVE-2026-5084: WebDyne::Session versions through 2.075 for Perl generates the session id insecurely
Stig Palmquist
11 May 2026 07:33 UTC
Re: [cpansec-cve-announce] CVE-2026-8177: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
Stig Palmquist
11 May 2026 19:07 UTC
CVE-2022-4988: Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries
Robert Rothenberg
11 May 2026 19:14 UTC
CVE-2026-6146: Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys
Robert Rothenberg
11 May 2026 21:18 UTC
CVE-2026-7010: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values
Stig Palmquist
12 May 2026 14:07 UTC
CVE-2026-8368: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
Stig Palmquist
12 May 2026 16:59 UTC
CVE-2026-5089: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read
Robert Rothenberg
13 May 2026 12:43 UTC
CVE-2026-8463: Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input
Stig Palmquist
13 May 2026 22:26 UTC
CVE-2026-8500: Web::Passwd versions through 0.03 for Perl is vulnerable to RCE
Robert Rothenberg
15 May 2026 01:16 UTC
CVE-2026-8612: WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution
Stig Palmquist
15 May 2026 11:00 UTC
CVE-2026-8454: Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
Timothy Legge
15 May 2026 11:14 UTC
CVE-2026-8503: Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids
Robert Rothenberg
15 May 2026 13:39 UTC
CVE-2026-8669: Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files
Timothy Legge
15 May 2026 17:43 UTC
CVE-2026-46474: Trog::TOTP versions before 1.006 for Perl generate secrets using rand
Robert Rothenberg
15 May 2026 22:12 UTC
CVE-2026-8700: Crypt::DSA versions before 1.20 for Perl generate seeds using rand
Timothy Legge
15 May 2026 22:21 UTC
CVE-2026-8704: Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified
Timothy Legge
16 May 2026 13:39 UTC
CVE-2026-46719: Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections
Robert Rothenberg
17 May 2026 17:55 UTC
CVE-2026-46720: Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections
Robert Rothenberg
17 May 2026 18:44 UTC
CVE-2026-8507: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of bound (OOB) write flaws
Timothy Legge
17 May 2026 18:50 UTC
CVE-2026-8721: Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs
Timothy Legge
18 May 2026 06:41 UTC
CVE-2026-8788: Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections
Robert Rothenberg