186 matches found

RustSec
added 2026/03/30 12:0 p.m., 5 views

Symbol confusion after hasher panic in `intaglio` interners

Affected versions of this crate can leave all SymbolTable variants in an internally inconsistent state if a custom BuildHasher panics during HashMap::insert and the caller recovers with catch_unwind. The intern implementations committed a vec.push... before the matching map.insert... completed. If...

5.9 AI score
Exploits: 0, Affected Software: 1

vulnersOsv
added 2026/03/18 10:44 p.m., 3 views

arlbench (=0.1.3), backend-ai-appproxy-coordinator (>=25.13.0 <=26.4.4rc6) +3 more potentially affected by CVE-2026-32722 via memray (>=1.12.0 <=1.17.2)

memray PYPI version =1.12.0, =25.13.0, =25.13.0, =26.2.0, =26.4.4rc6 - feluda-image-vec-rep-resnet =0.1.0 Source cves: CVE-2026-32722 Source advisory: SNYK:PYTHON-MEMRAY-15763582...

6.1 CVSS, 5.4 AI score, 0.00302 EPSS
Exploits: 2

ATTACKERKB
added 2026/01/28 10:1 p.m., 5 views

CVE-2026-24889

soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::gen_range (for u64) methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...

5.3 CVSS, 5.9 AI score, 0.00353 EPSS
Exploits: 0, References: 9, Affected Software: 1

Tenable Nessus
added 2025/12/31 12:0 a.m., 3 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2025-993202)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993202 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as...

5.5 CVSS, 6 AI score, 0.00286 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/12/30 12:0 a.m., 3 views

Unity Linux 20.1060e Security Update: kernel (UTSA-2025-992475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992475 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as...

5.5 CVSS, 6 AI score, 0.00286 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/12/11 12:0 a.m., 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991121)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991121 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as...

5.5 CVSS, 6 AI score, 0.00286 EPSS
Exploits: 0, References: 4

OSV
added 2025/10/22 9:47 p.m., 4 views

GHSA-WWXP-HXH6-8GF8 binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref

Safe functions accept a single &T or &mut T but multiply by n to create slices extending beyond allocated memory when n > 1. These functions use from_raw_parts to create slices larger than the underlying allocation, violating memory safety. The binary_vec_io repository is archived and unmaintained...

8.6 CVSS, 5.9 AI score
Exploits: 0, References: 4

vulnersOsv
added 2025/10/21 9:54 p.m., 13 views

orx-concurrent-bag (>=1.0.0 <=1.16.0), orx-concurrent-iter (>=1.0.0 <=1.22.1) +9 more potentially affected by unknown CVE via orx-pinned-vec (>=0.1.1 <=2.12.0)

orx-pinned-vec CARGO version =0.1.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.6.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =2.14.0 Source cves: unknown CVE Source advisory: OSV:GHSA-H5J3-CRG5-8JQM...

5.8 AI score
Exploits: 0

Github Security Blog
added 2025/10/21 9:54 p.m., 4 views

orx-pinned-vec has undefined behavior in index_of_ptr with empty slices

The safe function index_of_ptr causes undefined behavior when called with an empty slice. The issue occurs in the line ptr.add(slice.len() - 1) which underflows when slice.len() is 0, creating a pointer with a massive offset. According to Rust's safety rules, creating such a pointer causes immediate...

7.2 AI score
Exploits: 0, References: 5, Affected Software: 1

vulnersOsv
added 2025/10/21 12:0 p.m., 7 views

mirror_sparse_matrix (>=0.1.1 <=0.1.17) potentially affected by unknown CVE via binary_vec_io (=0.1.12)

binary_vec_io CARGO version =0.1.12 is affected by a known vulnerability. The following packages have a transitive dependency on binary_vec_io and may be impacted: - mirror_sparse_matrix >=0.1.1, <=0.1.17 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0109...

5.8 AI score
Exploits: 0

vulnersOsv
added 2025/10/21 12:0 p.m., 5 views

orx-concurrent-bag (>=1.0.0 <=1.16.0), orx-concurrent-iter (>=1.0.0 <=1.22.1) +9 more potentially affected by unknown CVE via orx-pinned-vec (>=0.1.1 <=2.12.0)

orx-pinned-vec CARGO version =0.1.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.6.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =2.14.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0106...

5.8 AI score
Exploits: 0

SUSE CVE
added 2025/10/20 11:27 p.m., 1 views

SUSE CVE-2025-40009

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_range(), kernel panics with null-ptr-deref: 44.936808 Oops: general protection fault, probably for non-canonic...

5.5 CVSS, 6.3 AI score, 0.00196 EPSS
Exploits: 0, References: 7

EUVD
added 2025/10/20 6:30 p.m., 2 views

EUVD-2025-35071

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_range(), kernel panics with null-ptr-deref: 44.936808 Oops: general protection fault, probably for non-canonic...

5.8 AI score, 0.00196 EPSS
Exploits: 0, References: 4

NVD
added 2025/10/20 4:15 p.m., 2 views

CVE-2025-40009

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_range(), kernel panics with null-ptr-deref: 44.936808 Oops: general protection fault, probably for non-canonic...

0.00196 EPSS
Exploits: 0, References: 3

OSV
added 2025/10/20 4:15 p.m., 0 views

UBUNTU-CVE-2025-40009

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_range(), kernel panics with null-ptr-deref: 44.936808 Oops: general protection fault, probably for non-canonic...

5.7 AI score, 0.00196 EPSS
Exploits: 0, References: 16

CVE
added 2025/10/20 3:26 p.m., 17 views

CVE-2025-40009

CVE-2025-40009: In the Linux kernel, a null pointer dereference can occur in the PAGEMAP_SCAN path when vec_len = 0 is used. The root cause is an unchecked p->vec_buf in the PAGEMAP_SCAN flow, which leads to dereferencing NULL in pagemap_scan_backout_range(). The issue is fixed by explicitly ...

5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1801

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.03764 EPSS
Exploits: 0, References: 13

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-4901

Malicious code in bioql PyPI...

6.6 AI score
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-26409

Malicious code in bioql PyPI...

7.5 CVSS, 6.5 AI score, 0.00337 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-0737

Malicious code in bioql PyPI...

7.5 CVSS, 7.5 AI score, 0.01053 EPSS
Exploits: 0, References: 5