Latest News

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r7qv-8r2h-pg27. This link is maintained to preserve external references. ### Original Description The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7g9j-g5jg-3vv3. This link is maintained to preserve external references. ### Original Description The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. ### Original Description The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. ### Original Description The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references. ### Original Description The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. ### Original Description The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8724-5xmm-w5xq. This link is maintained to preserve external references. ### Original Description The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations.

Arizona woman jailed 8.5 years for aiding North Korea's $17 million IT job scam, defrauding over 300 US companies. Learn how to protect your business from such sophisticated cybersecurity threats.

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code execution despite employing static and dynamic checks. Attackers can exploit whitelisted modules and functions to execute arbitrary code, compromising the host system. This flaw undermines the core security boundary intended to isolate untrusted code, posing risks such as unauthorized code execution, data leakage, and potential integration-level compromise. The issue is resolved in version 1.17.0.

Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to expose a massive, over $2…