login
login
Home
CPANSec CVE announcements
Archive index June 2025
Thread Index - June 2025 - CPANSec CVE announcements
Search:
Search
« May
Archive index
By date
Refresh
July »
CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
Timothy Legge
(01 Jun 2025 17:00 UTC)
CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name
Timothy Legge
(05 Jun 2025 12:04 UTC)
CVE-2025-40914: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow
Robert Rothenberg
(11 Jun 2025 14:08 UTC)
CVE-2025-40915: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens
Robert Rothenberg
(11 Jun 2025 17:25 UTC)
CVE-2025-40912: CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode
Robert Rothenberg
(11 Jun 2025 17:52 UTC)
CVE-2022-4976: Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities
Stig Palmquist
(12 Jun 2025 00:38 UTC)
CVE-2025-40916: Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text
Robert Rothenberg
(16 Jun 2025 11:09 UTC)
CVE-2025-40910: Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses
Robert Rothenberg
(27 Jun 2025 12:31 UTC)
