Lucene search
K

916 matches found

Wolfi
Wolfi
added 2026/06/02 1:48 a.m.17 views

GHSA-3PV8-6F4R-FFG2 vulnerabilities

Vulnerabilities for packages: qdrant, wasm-pack, litmus, rye, buck2, zizmor, cargo-c, rustup, deno, sccache, wasmcloud, cleave...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.14 views

CVE-2026-45311

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/01 1:17 p.m.30 views

GHSA-3PV8-6F4R-FFG2 vulnerabilities

Vulnerabilities for packages: qdrant, deno, buck2, rustup, bootc, rye, cleave, sccache, litmus, cargo-c, wasmcloud, zizmor, typst, fnm, wasm-pack...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/01 1:17 p.m.15 views

GHSA-9857-6MW7-FQ2M vulnerabilities

Vulnerabilities for packages: cargo-audit, cargo-c...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/05/29 10:2 p.m.9 views

Malicious Package

Overview @breezeai-frontend/cargo-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/05/28 5:32 p.m.12 views

EUVD-2026-32965

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/28 12:48 a.m.28 views

[SECURITY] Fedora 43 Update: uv-0.11.15-1.fc43

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/27 10:59 a.m.13 views

SUSE CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:59 a.m.14 views

SUSE CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:18 a.m.6 views

Cargo can be coerced to share credentials between registries

...

6.5CVSS5.3AI score0.00328EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-5222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple...

6.5CVSS5.6AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 10:16 a.m.8 views

ALPINE-CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 10:16 a.m.17 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 10:16 a.m.6 views

DEBIAN-CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 10:16 a.m.19 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 10:16 a.m.8 views

DEBIAN-CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 10:16 a.m.8 views

ALPINE-CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 10:16 a.m.9 views

UBUNTU-CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/25 10:16 a.m.18 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:57 a.m.10 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder