234 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...
UBUNTU-CVE-2026-44983
smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...
Fedora 43 : python-uv-build / rust-astral-tokio-tar / uv (2026-a8100094df)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-a8100094df advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA-xx64-wwv2-hcqq and GHSA-...
RUSTSEC-2026-0132 Potential out-of-bounds write via public `Context` fields
The `Context` struct has all fields public (`pub dlen`, `pub digest`, etc.). Code from other modules within the same crate can directly modify `dlen` to a value exceeding the digest vector length. When `reset` is subsequently called, `self.digest[self.dlen as usize] = 0` becomes an out-of-bounds write. Withdrawa...
CVE-2026-6654 Use-After-Free and Double-Free in IntoIter::drop when element drop panics
Double-Free / Use-After-Free (UAF) in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::drop_in_place skips setting the length to zero...
[SECURITY] Fedora 44 Update: rust-astral-reqwest-retry-0.9.1-1.fc44
Retry middleware for reqwest...
RUSTSEC-2026-0068 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Versions 0.4.44 and below of tar-rs have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the...
CVE-2026-24850 ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The Rust crate,...
RUSTSEC-2025-0154 `replit_ruspty` was removed from crates.io for malicious code
The OpenSSF Package Analysis project identified 'replit_ruspty' @ 1.0.0 (crates.io) as malicious. Version 2.0.0 was also published with malware. It is considered malicious because: The package communicates with a domain associated with malicious activity. The package executes one or more commands...
EUVD-2025-32904
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
CVE-2025-61670 Wasmtime has memory leak in C API with `externref` and `anyref` types
Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the anyref or externref WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all prior versions of Wasmtime are unaffected. If...
EUVD-2021-1655
Malware in sbrugna...
EUVD-2021-1855
Malware in sbrugna...
EUVD-2021-1576
Malware in sbrugna...
EUVD-2021-1528
Malware in sbrugna...
EUVD-2021-1917
Malware in sbrugna...
EUVD-2021-1599
Malware in sbrugna...
EUVD-2021-1760
Malware in sbrugna...
EUVD-2023-2414
Malicious code in bioql PyPI...