Thread Index - February 2026 - CPANSec CVE announcements
CVE-2025-40905: WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions
Timothy Legge
(13 Feb 2026 00:00 UTC)
CVE-2026-2474: Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()
Stig Palmquist
(16 Feb 2026 21:01 UTC)
CVE-2025-15578: Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely
Timothy Legge
(16 Feb 2026 21:20 UTC)
CVE-2026-2439: Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids
Timothy Legge
(16 Feb 2026 21:27 UTC)
CVE-2026-2588: Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems
Timothy Legge
(22 Feb 2026 23:37 UTC)
CVE-2024-58041: Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions
Timothy Legge
(23 Feb 2026 23:58 UTC)
CVE-2025-40932: Apache::SessionX versions through 2.01 for Perl create insecure session id
Timothy Legge
(27 Feb 2026 00:03 UTC)
CVE-2026-2597: Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes()
Timothy Legge
(27 Feb 2026 00:04 UTC)
CVE-2021-4456: Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact
Timothy Legge
(27 Feb 2026 00:19 UTC)
CVE-2026-3255: HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function
Robert Rothenberg
(27 Feb 2026 20:24 UTC)
CVE-2018-25160: HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend
Robert Rothenberg
(27 Feb 2026 20:25 UTC)