109 matches found

ATTACKERKB
added yesterday, 4 views

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2 CVSS, 5.9 AI score
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/06/05 7:45 p.m., 7 views

CVE-2026-31236

A flaw was found in the llm CLI tool. An attacker can exploit a code injection vulnerability by crafting a malicious command with arbitrary Python code in the --functions argument. If a victim is tricked into running this command, it leads to arbitrary code execution on their system, potentially...

9.8 CVSS, 6 AI score, 0.00508 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2026/05/17 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow use...

9.8 CVSS, 6.2 AI score, 0.00508 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2026/05/12 6:16 p.m., 7 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8 CVSS, 6.3 AI score, 0.00508 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/12 12:00 a.m., 6 views

LLM Security Vulnerability

LLM is a multi-model large language model command-line interaction tool developed by Simon Willison. Versions of LLM 0.27.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of the --functions command-line parameter to directly execute unsafe code using the exe...

9.8 CVSS, 6.1 AI score, 0.00508 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/12 12:00 a.m., 12 views

CVE-2026-31236

The CVE-2026-31236 issue affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions and is executed with unsafe exec() without sanitization or sandboxing, enabling arbitrary code execution on a victim’s sys...

9.8 CVSS, 6.3 AI score, 0.00508 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/05/07 3:13 a.m., 12 views

imageproc: integer overflow in kernel size check leads to out-of-bounds read

A bounds verification of a slice storage of a 2-dimensional matrix's coefficients (a kernel) would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/05/07 3:13 a.m., 5 views

GHSA-W5P8-4JCX-2J6R imageproc: integer overflow in kernel size check leads to out-of-bounds read

A bounds verification of a slice storage of a 2-dimensional matrix's coefficients (a kernel) would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2

RustSec
added 2026/05/01 12:00 p.m., 5 views

Improper check of an invariant resulting in incorrect bounds checks

A bounds verification of a slice storage of a 2-dimensional matrix's coefficients (a kernel) would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...

5.9 AI score
Exploits: 0, Affected Software: 1

Packet Storm News
added 2026/04/27 12:00 a.m., 3 views

Symbolic Execution Meets Multi-LLM Orchestration: Detecting Memory Vulnerabilities in Incomplete Rust CVE Snippets

This paper presents a system combining symbolic execution (KLEE) with a 4-agent multi-LLM architecture for detecting memory vulnerabilities in Rust unsafe code. A central challenge we address is the incomplete-code problem: CVE database entries provide only isolated code snippets that lack struct...

6.1 AI score
Exploits: 0

RustSec
added 2026/04/09 12:00 p.m., 16 views

Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound, i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and thread_rng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7 AI score
Exploits: 0, Affected Software: 1

OSV
added 2026/04/09 12:00 p.m., 5 views

RUSTSEC-2026-0097 Rand is unsound with a custom logger using `rand::rng()`

It has been reported by @lopopolo that the rand library is unsound, i.e. that safe code using the public API can cause Undefined Behaviour when all the following conditions are met: - The log and thread_rng features are enabled - A custom logger is defined - The custom logger accesses rand::rng...

5.7 AI score
Exploits: 0, References: 3

RustSec
added 2026/02/02 12:00 p.m., 6 views

Potential undefined behavior when dereferencing Buf struct

If we dereference the Buf struct right after calling new or default on the Buf struct, it passes a null pointer to the unsafe function slice::from_raw_parts. Based on the safety section of the function's documentation, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passi...

5.4 AI score
Exploits: 0, Affected Software: 1

NVD
added 2026/01/22 5:16 p.m., 4 views

CVE-2025-69319

Improper Control of Generation of Code 'Code Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection. This issue affects Beaver Builder: from n/a through = 2.9.4.1...

7.5 CVSS, 0.00273 EPSS
Exploits: 0, References: 1

OSV
added 2025/11/28 12:00 p.m., 4 views

RUSTSEC-2025-0132 `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::open_mmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

6.7 AI score
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-33680

Malicious code in bioql PyPI...

10 CVSS, 7 AI score, 0.03546 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2025/09/28 12:00 a.m., 3 views

SandCell: Sandboxing Rust beyond Unsafe Code

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...

7.6 AI score
Exploits: 0

Github Security Blog
added 2025/08/18 3:10 p.m., 5 views

IdMap from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::from_iter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

7.2 AI score
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/08/14 10:23 p.m., 5 views

GHSA-77H3-W9RX-HJ3Q User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

6.9 CVSS, 7.8 AI score
Exploits: 0, References: 3

RustSec
added 2025/08/14 12:00 p.m., 3 views

IdMap::from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::from_iter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

7.2 AI score
Exploits: 0, Affected Software: 1