Browse and filter security vulnerabilities across ecosystems
`dnp3times` was removed from crates.io due to malicious code
zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards
zeptoclaw has Android device shell blocklist bypass via argument permutation
`time_calibrators` was removed from crates.io due to malicious code
CVE-2026-29178
Lemmy has unauthenticated SSRF via file_type query parameter injection in image endpoint
`time_calibrator` was removed from crates.io due to malicious code
neqo-qpack has integer overflow in qpack dynamic table indexing
CVE-2026-27898
Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher
CVE-2026-27803
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role
CVE-2026-27802
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
CVE-2026-27801
Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
AWS-LC has PKCS7_verify Signature Validation Bypass
AWS-LC has Timing Side-Channel in AES-CCM Tag Verification
AWS-LC has PKCS7_verify Certificate Chain Validation Bypass
aws-kms-tls-auth vulnerable to memory overallocation
`tracing-check` was removed from crates.io for malicious code
CVE-2026-21882
theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution
Hive has Double-free and Use After Free Vulnerabilities
CVE-2025-13327
uv has ZIP payload obfuscation through parsing differentials
CVE-2026-27822
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover