Lucene search
K

230 matches found

RustSec
RustSec
added 2026/04/24 12:0 p.m.10 views

Unsound access to padding bytes while serializing date/time values using the Mysql backend

Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...

5.8AI score
Exploits0Affected Software1
Circl
Circl
added 2026/04/17 6:14 p.m.5 views

CVE-2026-41153

creationtimestamp| type| source ---|---|--- 2026-04-17 18:14:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjpjpf2f3w2b...

9.8CVSS5.7AI score0.00257EPSS
Exploits0References1
Circl
Circl
added 2026/03/24 12:29 a.m.4 views

CVE-2026-33174

creationtimestamp| type| source ---|---|--- 2026-03-24 00:29:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhrcz62mfa2d...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00821EPSS
Exploits2References18
Amazon
Amazon
added 2026/03/06 12:0 a.m.7 views

Low: firefox

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

6.8CVSS5.8AI score0.00291EPSS
Exploits0
Circl
Circl
added 2026/02/26 8:10 p.m.3 views

GHSA-5RC7-2JJ6-MP64

creationtimestamp| type| source ---|---|--- 2026-02-26 20:10:19+00:00| seen| https://gist.github.com/alon710/db177992ad587ae21d2ec8067685c1a5...

4.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/24 3:21 p.m.4 views

CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be...

8.8CVSS6.5AI score0.03411EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.12 views

PT-2026-21764

Name of the Vulnerable Software and Affected Versions exiftool versions prior to 13.50 Description An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...

8.8CVSS7.4AI score0.03411EPSS
Exploits2References39
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.8 views

exiftool 操作系统命令注入漏洞

Exiftool is an open-source application developed by ExifTool. It makes metadata more accessible. Versions of Exiftool 13.49 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from the SetMacOSTags function in the PNG file parser component,...

8.8CVSS6.8AI score0.03411EPSS
Exploits2References7
OSV
OSV
added 2026/02/06 8:16 p.m.10 views

AZL-77087 CVE-2026-25727 affecting package rust 1.75.0-25

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.7AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 8:16 p.m.7 views

AZL-76994 CVE-2026-25727 affecting package kata-containers 3.19.1.kata2-4

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.7AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 8:16 p.m.6 views

AZL-76821 CVE-2026-25727 affecting package azl-compliance for versions less than 1.0.2-3

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.7AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 8:16 p.m.11 views

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS0.00291EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/06 7:20 p.m.6 views

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.4AI score0.00291EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/02/06 7:20 p.m.6 views

CVE-2026-25727

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are...

6.8CVSS5.3AI score0.00291EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/02/05 12:0 a.m.4 views

libsoup3 security update

3.6.5-9 - Fix CVE-2026-0719 3.6.5-8 - Fix CVE-2025-14523 3.6.5-7 - Add patch for CVE-2025-12105 3.6.5-6 - Fix integer overflow in date/time parsing 3.6.5-5 - Bump revision number 3.6.5-4 - Fix several CVEs...

8.6CVSS5.6AI score0.00947EPSS
Exploits0
Mageia
Mageia
added 2026/01/28 10:42 p.m.58 views

Updated glib2.0 packages fix security vulnerabilities

Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with gdatetimenewfromiso8601. CVE-2025-3360 Buffer under-read on glib through glib/gfileutils.c via gettmpfile. CVE-2025-7039 Integer overflow in gescapeuristring...

9.8CVSS7AI score0.00767EPSS
Exploits1References2
Circl
Circl
added 2025/12/09 9:45 p.m.4 views

CVE-2025-66456

creationtimestamp| type| source ---|---|--- 2025-12-09 21:45:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7ljejp7nr2n 2025-12-11 15:42:04+00:00| seen| https://bsky.app/profile/checkmarxzero.bsky.social/post/3m7pvybzu7b2d...

9.8CVSS5.6AI score0.0048EPSS
Exploits1References2
Circl
Circl
added 2025/12/05 2:50 p.m.6 views

CVE-2025-66545

creationtimestamp| type| source ---|---|--- 2025-12-05 14:50:31+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3m7aqclzszd2a...

4.3CVSS5.8AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 12:17 p.m.7 views

CLSA-2025-1764677929 libsoup: Fix of 2 CVEs

CVE-2025-4945: fix integer overflow vulnerability in date/time parsing - CVE-2025-11021: fix out-of-bounds memory read in cookie date handling logic...

7.5CVSS6.2AI score0.00594EPSS
Exploits0References1
Rows per page
Query Builder