
63 matches found

Vulnrichment
added 2026/05/26 10:53 p.m., 7 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The randombytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

AI score 5.8, EPSS 0.00036, Exploits 0, References 2
EUVD
added 2026/05/25 11:53 p.m., 9 views

EUVD-2026-31772

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

AI score 6, EPSS 0.00048, Exploits 1, References 1
Cvelist
added 2026/05/20 10:8 p.m., 28 views

CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

EPSS 0.00014, Exploits 0, References 2
Vulnrichment
added 2026/05/11 6:37 a.m., 6 views

CVE-2026-5084 WebDyne::Session versions through 2.075 for Perl generates the session id insecurely

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand function. The rand function is passed a maximum value based on the process id, the epoch time and the referen...

AI score 5.8, EPSS 0.00012, Exploits 0, References 3
CVE
added 2026/05/08 5:17 p.m., 12 views

CVE-2026-6659

CVE-2026-6659 affects Crypt::PasswdMD5 up to 1.42 for Perl. Root cause: salts generated with Perl’s built-in rand are predictable, making password hashes vulnerable to weaknesses in randomness. Exploitation details are not provided in the documents. No remediation information is present in the pr...

CVSS 7.5, AI score 5.8, EPSS 0.00015, Exploits 0, References 5
Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-38683

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...

CVSS 9.1, AI score 5.8, EPSS 0.00015, Exploits 0, References 4
ATTACKERKB
added 2026/05/06 12:36 p.m., 7 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVSS 7.5, AI score 5.8, EPSS 0.00038, Exploits 0, References 3
Cvelist
added 2026/04/30 11:49 a.m., 25 views

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

EPSS 0.00054, Exploits 0, References 2
Tenable Nessus
added 2026/04/20 12:0 a.m., 1 view

Debian dla-4538 : libperl-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4538 advisory. Debian LTS Advisory DLA-4538-1 https://www.debian.org/lts/security/...

CVSS 5.9, AI score 7, EPSS 0.00031, Exploits 0, References 4
Vulnrichment
added 2026/04/15 7:3 a.m., 1 view

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

AI score 5.8, EPSS 0.00019, Exploits 0, References 4
EUVD
added 2026/03/29 9:30 p.m., 0 views

EUVD-2026-17044

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...

CVSS 9.8, AI score 5.9, EPSS 0.00041, Exploits 1, References 7
Vulnrichment
added 2026/03/16 10:30 p.m., 1 view

CVE-2026-4177 YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter

YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on...

AI score 6, EPSS 0.00023, Exploits 0, References 2
Rosalinux
added 2026/02/16 12:24 p.m., 5 views

Advisory ROSA-SA-2026-3198

Software: perl 5.26.3 OS: ROSA Virtualization 2.1 unaffected versions = perl-5.26.3-423.rv3 affected versions perl-5.26.3-423.rv3 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an unreliab...

CVSS 5.9, AI score 7.3, EPSS 0.00031, Exploits 0
Rosalinux
added 2026/02/16 10:56 a.m., 4 views

Advisory ROSA-SA-2026-3180

Software: perl 5.26.3 OS: ROSA Virtualization 3.0 unaffected versions = perl-5.26.3-423.rv30 affected versions perl-5.26.3-423.rv30 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...

CVSS 5.9, AI score 7.3, EPSS 0.00031, Exploits 0
Rosalinux
added 2026/02/16 7:27 a.m., 4 views

Advisory ROSA-SA-2026-3160

Software: perl 5.26.3 OS: ROSA Virtualization 3.1 unaffected versions = perl-5.26.3-423.rv31 affected versions perl-5.26.3-423.rv31 CVE-ID: CVE-2025-40909 BDU-ID: 2025-10307 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Perl programming language interpreter is related to the use of an...

CVSS 5.9, AI score 7.3, EPSS 0.00031, Exploits 0
Tenable Nessus
added 2026/01/31 12:0 a.m., 2 views

EulerOS Virtualization 2.10.1 : perl (EulerOS-SA-2026-1138)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open...

CVSS 5.9, AI score 6, EPSS 0.00031, Exploits 0, References 2
Tenable Nessus
added 2025/12/13 12:0 a.m., 1 view

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: perl (UTSA-2025-991237)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991237 advisory. Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the...

CVSS 5.9, AI score 7, EPSS 0.00031, Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-1694

Malware in sbrugna...

CVSS 7.5, AI score 8.9, EPSS 0.03069, Exploits 0, References 28
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-24270

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.00343, Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-9547

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.6, EPSS 0.00315, Exploits 0, References 4