Lucene search
K

914 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/08 6:18 p.m.7 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details CVEID:CVE-2025-12875 DESCRIPTION: A weakness has been identified in mruby 3.4.0...

7.8CVSS5.3AI score0.00214EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/07 3:10 a.m.11 views

annatar (>=0.4.3 <=0.5.8), ansi2png-rs (>=0.1.0 <=0.1.1) +62 more potentially affected by unknown CVE via imageproc (>=0.10.0 <=0.22.0)

imageproc CARGO version =0.10.0, =0.4.3, =0.1.0, =0.2.0, =0.1.5, =0.1.0, =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QG8R-F7X3-25F7...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/30 4:25 a.m.84 views

Exploit for CVE-2026-31431

cve-2026-31431 732 bytes required to execute root on all majo...

7.8CVSS7.3AI score0.96267EPSS
Exploits230
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/29 9:25 p.m.11 views

Malicious code in @breezeai-frontend/cargo-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/29 9:25 p.m.7 views

MAL-2026-3183 Malicious code in @breezeai-frontend/cargo-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.7 views

CVE-2026-42427

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGOBUILDRUSTCWRAPPER, RUSTCWRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and...

5.8CVSS6.6AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35805

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO BUILD RUSTC WRAPPER, RUSTC WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands an...

5.8CVSS6.6AI score0.00188EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/04/25 7:17 a.m.8 views

GHSA-82J2-J2CH-GFR8 vulnerabilities

Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, wasm-pack, zellij, ntpd-rs, lakekeeper, linkerd2-proxy, shadowsocks-rust, sentry-cli, asciinema, komodo, rustup, atuin, cargo-audit, rustls-openssl-client, linkerd-extension-init, linkerd2-cni-plugin, uv, sccache,...

6.1AI score
Exploits0
NVD
NVD
added 2026/04/24 7:17 p.m.7 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS0.00281EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/24 6:32 p.m.5 views

CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References2
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.19 views

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: ztunnel, ntpd-rs, uv, wasmcloud, sccache, kdash, py3-xet-core, deno, linkerd-network-validator, cargo-audit, wasmtime, samply, rye, wasm-pack, pixi, xh, parseable, tealdeer, zizmor, berg, qdrant, linkerd2, buck2, linkerd2-proxy, rustup, lychee, shadowsocks-rust,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.10 views

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: ztunnel, ntpd-rs, uv, wasmcloud, sccache, kdash, py3-xet-core, deno, linkerd-network-validator, cargo-audit, wasmtime, samply, rye, wasm-pack, pixi, xh, parseable, tealdeer, zizmor, berg, qdrant, linkerd2, buck2, linkerd2-proxy, rustup, lychee, shadowsocks-rust,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.8 views

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, wasm-pack, zellij, ntpd-rs, lakekeeper, linkerd2-proxy, shadowsocks-rust, sentry-cli, asciinema, komodo, rustup, atuin, cargo-audit, linkerd-extension-init, linkerd2-cni-plugin, uv, sccache, ztunnel, garage, buck2...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.6 views

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, wasm-pack, zellij, ntpd-rs, lakekeeper, linkerd2-proxy, shadowsocks-rust, sentry-cli, asciinema, komodo, rustup, atuin, cargo-audit, linkerd-extension-init, linkerd2-cni-plugin, uv, sccache, ztunnel, garage, buck2...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/04/17 1:48 a.m.13 views

GHSA-CQ8V-F236-94QC vulnerabilities

Vulnerabilities for packages: cargo-c, rav1e, ntpd-rs, wadm, hurl, uv, wasmcloud, sccache, kdash, py3-xet-core, deno, nushell, linkerd-network-validator, cargo-audit, starship, uutils, mountpoint-s3, efs-utils, wasmtime, samply, sdp-k8s-injector, ruff, mdbook, rye, pixi, yara-x, fish, xh, zellij,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 1:17 a.m.7 views

GHSA-CQ8V-F236-94QC vulnerabilities

Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, zellij, yazi, guestproxyagent, wizer, jujutsu, ntpd-rs, yara-x, linkerd2-proxy, just, efs-utils, wadm, shadowsocks-rust, sentry-cli, asciinema, cargo-c, rav1e, mountpoint-s3, apollo-router, komodo, rustup, vector,...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/04/09 2:22 p.m.6 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the handling of environment variables in the exec env denylist. An attacker can execute arbitrary commands by injecting malicious values into...

8.6CVSS6AI score0.00188EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/07 9:32 p.m.3 views

EUVD-2026-19927

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00189EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/07 9:32 p.m.3 views

EUVD-2026-19931

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00158EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/07 9:32 p.m.7 views

EUVD-2026-19891

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.9AI score0.00181EPSS
Exploits1References4
Rows per page
Query Builder