Lucene search
+L

921 matches found

OSV
OSV
added 2026/05/25 10:16 a.m.8 views

ALPINE-CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/25 10:16 a.m.18 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 10:16 a.m.9 views

UBUNTU-CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/25 8:57 a.m.21 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/25 8:57 a.m.12 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:57 a.m.12 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 8:54 a.m.14 views

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

2.3CVSS5.9AI score0.00328EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/25 8:54 a.m.18 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0
CVE
CVE
added 2026/05/25 8:54 a.m.33 views

CVE-2026-5222

CVE-2026-5222 affects Cargo (versions 1.68–1.96) where URLs of third-party registries using the sparse index protocol are incorrectly normalized. If a hosting provider lets multiple registries share a domain with arbitrary names, an attacker who can publish crates in a registry could obtain crede...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/25 8:54 a.m.39 views

CVE-2026-5222 Cargo can be coerced to share credentials between registries

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

2.3CVSS0.00328EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/25 8:54 a.m.11 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43025

Name of the Vulnerable Software and Affected Versions Cargo versions prior to 1.96.0 Description Cargo incorrectly handled symbolic links symlinks—which are files that point to another file or directory—inside crate tarballs downloaded from third-party registries. This allows a malicious crate to...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References21
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Cargo 安全漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo versions 1.68 through 1.96, which stems from a misnormalization of third-party registry URLs that use the sparse indexing protocol, where an attacker who is able to publish crat...

6.5CVSS5.9AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.14 views

Cargo 安全漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo that stems from the incorrect handling of symbolic links in a crate tarball downloaded from a third-party registry, which could lead to a malicious crate overwriting the source...

6.5CVSS5.9AI score0.00294EPSS
Exploits0References3
RustSec
RustSec
added 2026/05/21 12:0 p.m.15 views

audiopus_sys is unmaintained

audiopussys is implicitly unmaintained and holds a reference to CMake versions with which CMake 4.0 is not backwards compatible, causing cargo builds to error. An effort to contact the maintainer was made on June 10th, 2025 with no reply. A separate 2025 PR was made from a different user addressi...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/21 12:0 p.m.8 views

RUSTSEC-2026-0150 audiopus_sys is unmaintained

audiopussys is implicitly unmaintained and holds a reference to CMake versions with which CMake 4.0 is not backwards compatible, causing cargo builds to error. An effort to contact the maintainer was made on June 10th, 2025 with no reply. A separate 2025 PR was made from a different user addressi...

5.8AI score
Exploits0References5
Fedora
Fedora
added 2026/05/19 4:1 p.m.16 views

[SECURITY] Fedora 43 Update: rust-cargo-vendor-filterer-0.5.18-5.fc43

cargo vendor, but with filtering for platforms and more...

9.3CVSS5.8AI score0.00359EPSS
Exploits0
Fedora
Fedora
added 2026/05/18 1:24 a.m.16 views

[SECURITY] Fedora 42 Update: uv-0.11.11-1.fc42

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/18 12:44 a.m.20 views

[SECURITY] Fedora 44 Update: uv-0.11.11-1.fc44

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/17 9:24 p.m.15 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of openssl (CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses versions 0.10.73 and 0.10.74 of the openssl crate, which provides Rust bindings for the OpenSSL library. Several security-related bugs, such as buffer overflows, were identified in these versions of the...

9.3CVSS6AI score0.00359EPSS
Exploits0Affected Software1
Rows per page
Query Builder