CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•6 views

CVE-2026-52753

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rustdemangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analys...

6.7CVSS0.00111EPSS

Cvelist•added 6 days ago•32 views

CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

6.7CVSS0.00111EPSS

EUVD•added 6 days ago•6 views

EUVD-2026-36012

Vulnrichment•added 6 days ago•6 views

CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

CVE•added 6 days ago•20 views

CVE-2026-52753

Ghidra

Exploits1References2Affected Software1

OSV•added 6 days ago•8 views

RUSTSEC-2026-0175 `onering` 1.4.1 was removed from crates.io for malicious code

A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...

5.6AI score

Exploits0References2

Positive Technologies•added 6 days ago•7 views

PT-2026-48545

Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...

6.5CVSS5.3AI score0.00232EPSS

Exploits0References5

Positive Technologies•added 6 days ago•7 views

PT-2026-48413

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary...

CNNVD•added 6 days ago•1 views

Exploits1References3

National Security Agency Ghidra 安全漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the rustdemangle function, which allocated...

6.7CVSS5.3AI score0.00111EPSS

Exploits1References1

Positive Technologies•added 2026/06/09 12:0 a.m.•6 views

PT-2026-48330

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle dht get network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the reco...

5.3CVSS5.5AI score0.00297EPSS

Exploits0References4

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-48331

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...

6.5CVSS5.3AI score0.00259EPSS

Exploits0References4

Tenable Nessus•added 2026/06/08 12:0 a.m.•6 views

Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...

8.4CVSS5.6AI score0.00397EPSS

Exploits0References4

Amazon•added 2026/06/08 12:0 a.m.•4 views

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

5.5AI score0.00397EPSS

Amazon•added 2026/06/08 12:0 a.m.•4 views

Medium: device-mapper-persistent-data

Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...

5.5AI score

Tenable Nessus•added 2026/06/08 12:0 a.m.•8 views

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

5.6AI score

Exploits0References2

Fedora•added 2026/06/06 1:2 a.m.•11 views

[SECURITY] Fedora 44 Update: rust-1.96.0-1.fc44

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

6.5CVSS5.4AI score0.00415EPSS