Tokuhirom Http::session2 — known CVE vulnerabilities
Every CVE whose affected-product data names Tokuhirom Http::session2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2018-25160 — CVSS 6.5 (medium): HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other…
CVE-2026-3255 — CVSS 6.5 (medium): HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function. The HTTP::Session2 session…