Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.49.0, VecDeque::makecontiguous has a bug where the same element may be popped more than once under certain conditions. This bug could lead to a use-after-free or double-free situation...

CVE-2026-40091

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

CVE-2026-40091

SpiceDB 1.49.0–1.51.0 logs startup configuration with the full datastore DSN (DatastoreConfig.URI), including plaintext password, when the log level is info. This exposes credentials in startup logs. The issue is fixed in 1.51.1. If upgrading is not possible, the recommended workaround is to set ...

CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

EUVD-2025-28701

Malicious code in bioql PyPI...

CVE-2025-48111

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...

WordPress Pixel Manager for WooCommerce (PRO) plugin <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Pixel Manager for WooCommerce versions = 1.49.0...

WordPress plugin Pixel Manager for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-48111 WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0...

WordPress plugin YITH PayPal Express Checkout for WooCommerce 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Password Pusher 安全漏洞

Password Pusher is an open source application by Peter Giacomo Lombardo, an individual developer, used to deliver sensitive information over the web. A security vulnerability exists in Password Pusher prior to v1.49.0, which stems from the ability to bypass the rate limiter by spoofing the proxy...

PT-2024-35447 · Unknown · Password Pusher

Name of the Vulnerable Software and Affected Versions: Password Pusher versions prior to v1.49.0 Description: The issue is related to the rate limiter in Password Pusher, which can be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site and potentially...

rust: memory safety violation in String::retain()

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

rust: use-after-free or double free in VecDeque::make_contiguous

In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

Low: Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

rust: use-after-free or double free in VecDeque::make_contiguous

In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-33049)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in the Rust standard library prior to version 1.49.0, which stems from the fact that it allows a non-UTF-8 Rust string to be created when there is a problem with the suppli...

CVE-2020-36318

In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

CVE-2020-36318

In the standard library in Rust before 1.49.0, VecDeque::makecontiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

Mozilla Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in the Rust standard library prior to version 1.49.0, which stems from the fact that it allows a non-UTF-8 Rust string to be created when there is a problem with the suppli...