EUVD-2018-18544

Malware in sbrugna...

EUVD-2017-15568

Malware in sbrugna...

CVE-2025-30673

CVE-2025-30673 concerns Sub::HandlesVia for Perl prior to 0.050002, where an attacker can place a malicious file in the current working directory and have it loaded instead of the intended file. The underlying issue is caused by Mite-generated code including the current working directory in @INC ...

CVE-2025-1860 Data::Entropy for Perl uses insecure rand() function for cryptographic functions

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2022-48522

In Perl 5.34.0, function Sfinduninitvar in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation...

Perl Security Bypass Vulnerability

Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. A security vulnerability exists in Perl due to the program's failure to properly handle environment variables. An attacker can exploit this vulnerability to bypass security mechanisms...

CVE-2013-4407

HTTP::Body::Multipart in the HTTP-Body module for Perl 1.07 through 1.22, before 1.23 uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may...

CVE-2012-6329

The compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input t...