| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41898 | rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer | rust-openssl | rust-openssl | - | - | 2026-04-24 17:20:38 | Deep Dive |
| CVE-2026-41681 | rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check | rust-openssl | rust-openssl | - | - | 2026-04-24 17:19:15 | Deep Dive |
| CVE-2026-41678 | rust-openssl: Incorrect bounds assertion in aes key wrap | rust-openssl | rust-openssl | - | - | 2026-04-24 17:18:27 | Deep Dive |
| CVE-2026-41677 | rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length | rust-openssl | rust-openssl | - | - | 2026-04-24 17:17:18 | Deep Dive |
| CVE-2026-41676 | rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 | rust-openssl | rust-openssl | - | - | 2026-04-24 17:16:21 | Deep Dive |
| CVE-2026-35457 | libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion | libp2p | rust-libp2p | High | 8.2 | 2026-04-07 14:22:20 | Deep Dive |
| CVE-2026-35405 | libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers | libp2p | rust-libp2p | High | 7.5 | 2026-04-07 14:21:15 | Deep Dive |
| CVE-2026-34219 | libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow | libp2p | rust-libp2p | - | - | 2026-03-31 15:47:32 | Deep Dive |
| CVE-2026-33040 | libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow | libp2p | rust-libp2p | Medium | - | 2026-03-20 05:46:42 | Deep Dive |
| CVE-2026-32314 | Yamux remote Panic via malformed Data frame with SYN set and len = 262145 | libp2p | rust-yamux | - | - | 2026-03-13 19:53:09 | Deep Dive |
| CVE-2026-31814 | Yamux remote Panic via malformed WindowUpdate credit | libp2p | rust-yamux | Medium | - | 2026-03-13 19:19:42 | Deep Dive |
| CVE-2025-66622 | matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values | matrix-org | matrix-rust-sdk | - | - | 2025-12-09 02:07:19 | Deep Dive |
| CVE-2025-11695 | Configuration may unexpectedly disable certificate validation | MongoDB | Rust Driver | High | 8.0 | 2025-10-13 16:22:57 | Deep Dive |
| CVE-2025-62162 | cel-rust May Panic During Parsing of Invalid CEL Expressions | cel-rust | cel-rust | High | 7.5 | 2025-10-10 22:25:42 | Deep Dive |
| CVE-2025-11233 | Rust standard library didn't detect all path separators on Cygwin | Rust Project | std | - | - | 2025-10-01 16:49:50 | Deep Dive |
| CVE-2025-59047 | matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method | matrix-org | matrix-rust-sdk | - | - | 2025-09-11 18:03:50 | Deep Dive |
| CVE-2025-53549 | Matrix Rust SDK allows SQL injection in the EventCache implementation | matrix-org | matrix-rust-sdk | - | - | 2025-07-10 18:28:24 | Deep Dive |
| CVE-2025-53359 | ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions | rust-ethereum | ethereum | - | - | 2025-07-02 15:55:18 | Deep Dive |
| CVE-2025-48937 | matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator | matrix-org | matrix-rust-sdk | Medium | 4.9 | 2025-06-10 15:32:01 | Deep Dive |
| CVE-2024-12224 | idna accepts Punycode labels that do not produce any non-ASCII when decoded | servo | rust-url | - | - | 2025-05-30 01:16:48 | Deep Dive |