Lucene search
+L

5 matches found

RustSec
RustSec
added 2026/03/10 12:0 p.m.20 views

`chrono_anchor` was removed from crates.io due to malicious code

The chronoanchor crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/05 9:15 p.m.6 views

GHSA-MH23-RW7F-V5PQ `time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/04 9:7 p.m.2 views

GHSA-WF45-3GPW-VRQV `time_calibrators` was removed from crates.io due to malicious code

The timecalibrators crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-03 approximately 3 hours before removal and had no evidence of actual downloads. There were no crates...

6AI score
Exploits0References2
RustSec
RustSec
added 2026/03/04 12:0 p.m.11 views

`time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/31 8:2 p.m.7 views

firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response

The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...

6.1CVSS7.2AI score0.00572EPSS
Exploits0References9
Rows per page
Query Builder