CVE-2026-54815

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

CVE-2026-54815 WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

EUVD-2026-37708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

Fedora 43 : rust (2026-d7436d12ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7436d12ae advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

Fedora 44 : rust (2026-e251935c8f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

CVE-2026-5222

A flaw was found in rust-cargo. The Cargo tool, used for managing Rust projects, incorrectly handled the URLs of third-party registries when using the sparse index protocol. This vulnerability could allow an attacker, who is able to publish packages in a registry, to obtain sensitive credentials...

GHSA-X494-MJ8G-CJ27 vulnerabilities

Vulnerabilities for packages: cargo-audit...

GHSA-PG4W-G64P-QWHJ vulnerabilities

Vulnerabilities for packages: cargo-audit...

GHSA-P3HW-MV63-RF9W vulnerabilities

Vulnerabilities for packages: cargo-audit...

GHSA-FR8X-3VFX-F45H vulnerabilities

Vulnerabilities for packages: cargo-audit...

GHSA-F26G-JM89-4G65 vulnerabilities

Vulnerabilities for packages: cargo-audit...

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

CVE-2026-39841

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39839

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39840

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

CVE-2026-39837

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

aquadoggo (=0.1.0), askama_tide (>=0.10.0 <=0.15.0) +151 more potentially affected by unknown CVE via tide (>=0.0.5 <=0.9.0)

tide CARGO version =0.0.5, =0.10.0, =0.9.0, =1.14.10, =0.2.0, =2.0.0, =1.0.1, =0.1.0, =0.4.1, =6.0.0, =0.1.2, =0.0.4, =0.1.13, =0.4.0, =0.5.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0170...

GHSA-9857-6MW7-FQ2M vulnerabilities

Vulnerabilities for packages: cargo-audit, cargo-c...

GHSA-3PV8-6F4R-FFG2 vulnerabilities

Vulnerabilities for packages: cargo-c, qdrant, zizmor, wasmcloud, buck2, rye, wasm-pack, rustup, litmus, sccache, deno, cleave...

CVE-2026-45311

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...