Multiple soundness issues in `scaly` safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

CVE-2020-24807

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

CVE-2025-12776

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2025-15391

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

EUVD-2025-205833

A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument strIp/strMask/strGateway results in command injection. The...

Bincode is unmaintained

Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider wincode postcard bitcode rkyv...

RUSTSEC-2025-0141 Bincode is unmaintained

Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider wincode postcard bitcode rkyv...

EUVD-2025-203098

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has...

CVE-2025-14567 haxxorsid Stock-Management-System employees missing authentication

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has...

rustls-pemfile is unmaintained

The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...

RUSTSEC-2025-0134 rustls-pemfile is unmaintained

The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...

RUSTSEC-2025-0119 number_prefix crate is unmaintained

The numberprefix crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - unit-prefix...

RUSTSEC-2025-0123 opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

number_prefix crate is unmaintained

The numberprefix crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - unit-prefix...

RUSTSEC-2025-0121 gcc crate is unmaintained

The gcc crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cc...

RUSTSEC-2025-0153 hexchat crate is unsound and unmaintained

All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If you rely ...

opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

hexchat crate is unsound and unmaintained

All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If you rely ...

RUSTSEC-2025-0122 cargo-asm crate is unmaintained

The cargo-asm crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cargo-show-asm...

cargo-asm crate is unmaintained

The cargo-asm crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cargo-show-asm...