RUSTSEC-2026-0171 `logflux` was removed from crates.io for malicious code

The logflux crate attempted to download and run a malicious payload on the user's machine. The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Paweł Bis for...

CVE-2026-46359

creationtimestamp| type| source ---|---|--- 2026-05-06 20:44:39+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-pm8c-3qq3-72w7...

GHSA-QPRH-M6P3-HWXC `sui-execution-cut` was removed from crates.io for malicious code

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

GHSA-6HW5-45GM-FJ88

creationtimestamp| type| source ---|---|--- 2026-04-15 15:20:23+00:00| published-proof-of-concept| Telegram/uZRx6HZozAc0thMR3KKbNyvZVgKIzeeLzgWMgVKyfbYH8EA...

GHSA-FJ6V-43R7-GCJM

creationtimestamp| type| source ---|---|--- 2026-04-09 01:27:18+00:00| published-proof-of-concept| Telegram/viJYT7gg8S3gJ-1aMGboAArF-0qOTu7PWcGdGBWdFKwXc...

GHSA-GRQ6-Q49F-44XH

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:55+00:00| published-proof-of-concept| Telegram/ZjNX94OaGDygpp8THY2068PQ3qFjjnuznV-29wb7oU4kmRI...

GHSA-5F97-JGG4-GQWR

creationtimestamp| type| source ---|---|--- 2026-04-07 17:29:55+00:00| published-proof-of-concept| Telegram/ZjNX94OaGDygpp8THY2068PQ3qFjjnuznV-29wb7oU4kmRI...

RUSTSEC-2026-0014 `rpc-check` was removed from crates.io for malicious code

It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...

CVE-2026-24419

creationtimestamp| type| source ---|---|--- 2026-02-06 16:47:10+00:00| published-proof-of-concept| https://github.com/devcode-it/openstamanager/security/advisories/GHSA-4j2x-jh4m-fqv6...

GHSA-XJ93-QW9P-JXQ4

creationtimestamp| type| source ---|---|--- 2026-01-08 15:04:15+00:00| published-proof-of-concept| Telegram/yKq4JZi7DqLkj1C3AmJNJ8CdN45JKlyrqrV14cu0DbuA70...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.15...

PT-2025-47097

CVE-2025-65065 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-65065 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

WordPress Classified Pro theme <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation vulnerability discovered by István Márton in WordPress Theme ClassifiedPro versions = 1.0.14...

PT-2025-34604 · Undefined · Undefined

CVE-2025-58035 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-58035 Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-32213 · Undefined · Undefined

CVE-2025-54975 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-54975 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

GHSA-564R-HJ7V-MCR5

creationtimestamp| type| source ---|---|--- 2025-07-16 03:12:09+00:00| seen| https://gist.github.com/safer-bot/36f2ef37d36eb5a3075f945a07663c8f 2025-07-16 06:27:33+00:00| seen| https://gist.github.com/safer-bot/dcba38acd7b3b589f657659fa2a6b641 2025-07-16 14:38:12+00:00| seen|...

SUSE: Security Advisory (SUSE-SU-2025:02275-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Invico - WordPress Consulting Business Theme Theme <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Invico - WordPress Consulting Business Theme Type Theme Vulnerable versions = 1.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31427 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9e4642f9ea67 Credits Tran...

WordPress Uncode Core plugin <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Uncode Core versions = 2.9.4.2...

CVE-2025-45851

creationtimestamp| type| source ---|---|--- 2025-06-27 20:52:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19789...