[SECURITY] Fedora 42 Update: keylime-agent-rust-0.2.9-1.fc42

The Keylime agent...

[SECURITY] Fedora 43 Update: keylime-agent-rust-0.2.9-1.fc43

The Keylime agent...

PT-2026-23072

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description Vaultwarden, a Bitwarden compatible server, had a flaw where a Manager with limited permissions manage=false for a specific collection could still perform management operations like updating...

PT-2026-23071

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description A Manager account with limited permissions was able to gain elevated privileges by using the bulk-access API to modify permissions on collections they were not originally authorized to access. T...

Fedora: Security Advisory (FEDORA-2026-c2b5451b35)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-e5027335a3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of...

SUSE-SU-2026:20534-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.8+116. Security issues fixed: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908. Other updates and bugfixes: - Update vendored crates time to...

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

PT-2026-22404

Name of the Vulnerable Software and Affected Versions nimiq/core-rs-albatross versions prior to 1.2.2 Description A malicious or compromised validator, if elected as a proposer, could publish a macro block proposal where the header.body root does not match the actual macro body hash. Proposal...

RUSTSEC-2026-0027 `tracings` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage. The only crate depending on this crate was the...

SUSE-SU-2026:20526-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update to version 0.2.8+116. Security issues fixed: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908. Other updates and bugfixes: - Update to version 0.2.8+116:...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27572 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27572 Source advisory: OSV:RUSTSEC-2026-0021...

Panic when dropping a `[Typed]Func::call_async` future

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94 For more information see the GitHub-hosted security advisory...

Fedora: Security Advisory (FEDORA-2026-086a367966)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: uv-0.10.2-1.fc42

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

[SECURITY] Fedora 42 Update: rust-ambient-id-0.0.10-1.fc42

Detects ambient OIDC credentials in a variety of environments...

AZL-78179 CVE-2026-27171 affecting package rust 1.72.0-14

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition...

Linux Distros Unpatched Vulnerability : CVE-2026-2625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the R...