9526 matches found

AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rust_binder: Avoid reading the written value in the offset array. When sending a transaction, its offset array is first copied into the target process’s virtual memory area vma. Then, the values are read back from there. This is...

CVSS 7.8 | AI score 5.6 | EPSS 0.00099
Exploits: 0 | References: 1
AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::from_iter function if the process of freeing the element causes a panic...

CVSS 9.8 | AI score 8.2 | EPSS 0.0289
Exploits: 1 | References: 1
AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT dependent on !RUST or Rust = 1.88 Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: 4614.199779 Kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154
Exploits: 0 | References: 2
AstraLinux
added 5 days ago, 2 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...

CVSS 8.2 | AI score 7.6 | EPSS 0.02025
Exploits: 0 | References: 1
AstraLinux
added 5 days ago, 5 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Rust-Regex

Regex is an implementation of regular expressions for the Rust language. The regex crate includes built-in measures to prevent denial-of-service attacks caused by untrusted regexes or untrusted inputs matched by trusted regexes. These measures already provide reasonable defaults to prevent attack...

CVSS 7.5 | AI score 6.2 | EPSS 0.1446
Exploits: 1 | References: 2
CBLMariner
added 2026/06/13 6:21 p.m., 7 views

CVE-2026-5222 affecting package rust for versions less than 1.90.0-9

CVE-2026-5222 affecting package rust for versions less than 1.90.0-9. A patched version of the package is available...

CVSS 6.5 | AI score 5.2 | EPSS 0.00328
Exploits: 0
CBLMariner
added 2026/06/13 6:21 p.m., 6 views

CVE-2026-5223 affecting package rust for versions less than 1.75.0-30

CVE-2026-5223 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...

CVSS 6.5 | AI score 5.2 | EPSS 0.00294
Exploits: 0
CBLMariner
added 2026/06/13 6:21 p.m., 7 views

CVE-2026-5223 affecting package rust for versions less than 1.90.0-9

CVE-2026-5223 affecting package rust for versions less than 1.90.0-9. A patched version of the package is available...

CVSS 6.5 | AI score 5.2 | EPSS 0.00294
Exploits: 0
CBLMariner
added 2026/06/13 6:21 p.m., 6 views

CVE-2026-5222 affecting package rust for versions less than 1.75.0-30

CVE-2026-5222 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...

CVSS 6.5 | AI score 5.2 | EPSS 0.00328
Exploits: 0
CBLMariner
added 2026/06/13 6:21 p.m., 8 views

CVE-2026-40034 affecting package rust for versions less than 1.90.0-9

CVE-2026-40034 affecting package rust for versions less than 1.90.0-9. A patched version of the package is available...

CVSS 8.5 | AI score 5.2 | EPSS 0.00351
Exploits: 0
CBLMariner
added 2026/06/13 6:21 p.m., 8 views

CVE-2026-40034 affecting package rust for versions less than 1.75.0-30

CVE-2026-40034 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...

CVSS 8.5 | AI score 5.2 | EPSS 0.00351
Exploits: 0
The Hacker News
added 2026/06/12 7:33 p.m., 27 views

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository AUR this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF...

AI score 5.6
Exploits: 0
NVD
added 2026/06/12 4:16 p.m., 11 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVSS 8.8 | EPSS 0.00279
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/12 2:50 p.m., 9 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVSS 8.8 | AI score 5.3 | EPSS 0.00279
Exploits: 0 | References: 1
Cvelist
added 2026/06/12 2:50 p.m., 24 views

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVSS 8.8 | EPSS 0.00279
Exploits: 0 | References: 1
EUVD
added 2026/06/12 2:50 p.m., 6 views

EUVD-2026-36464

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVSS 8.8 | AI score 5.2 | EPSS 0.00279
Exploits: 0 | References: 1
CVE
added 2026/06/12 2:50 p.m., 11 views

CVE-2026-8828

CVE-2026-8828 describes a lack of authorization validation in ChromaDB Rust (version 1.0.0 and later) that allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenant ownership. The core issue is insufficient access control in ...

CVSS 8.8 | AI score 5.3 | EPSS 0.00279
Exploits: 0 | References: 1
Snyk
added 2026/06/12 2:32 p.m., 2 views

Malicious Package

Overview: ecto-rust-read-f3a9c1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2
OSV
added 2026/06/12 2:32 p.m., 5 views

MAL-2026-5689 Malicious code in ecto-rust-read-f3a9c1 (npm)

Source: amazon-inspector (e73d10b993d9601d0dfe78d143a550ed008b8233beb8b88b7443208e4d0fa89d). On install, postinstall.js evaluates a targeting heuristic isRealTarget that fires only when the build environment looks like a real corporate...

AI score 5.5
Exploits: 0 | References: 4
OSV
added 2026/06/12 12:0 p.m., 8 views

RUSTSEC-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking try_get, and both Row and...

CVSS 6.9 | AI score 5.4
Exploits: 0 | References: 3