Linux Distros Unpatched Vulnerability : CVE-2026-27572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields...

CVE-2026-27572 vulnerabilities

Vulnerabilities for packages: zellij, yara-x, wasmcloud, wizer, zed...

CVE-2026-27572 vulnerabilities

Vulnerabilities for packages: zellij, yara-x, wasmcloud, wizer, zed...

CVE-2026-27572

creationtimestamp| type| source ---|---|--- 2026-02-25 01:07:57+00:00| seen| https://gist.github.com/alon710/bd9bec3189f368306143b31543aba768 2026-02-25 18:16:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpc366gkj2d...

CVE-2026-27572

A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows an attacker to cause a Denial of Service DoS by sending an excessive number of HTTP header fields. The Wasmtime implementation of the wasi:http/types.fields resource does not gracefully handle this condition, leadi...

CVE-2026-27572 Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27572 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27572 Source advisory: OSV:GHSA-243V-98VX-264H...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27572 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27572 Source advisory: OSV:RUSTSEC-2026-0021...

CVE-2025-27572

Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access...

CVE-2025-27572

creationtimestamp| type| source ---|---|--- 2026-02-11 13:17:13+00:00| published-proof-of-concept| https://t.me/truesecator/7898...

CVE-2021-27572

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set...

CVE-2022-27572

Heap-based buffer overflow vulnerability in parseripma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers...

CVE-2023-27572

An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10. A reflected XSS vulnerability was discovered in the httpsredirect.php web page via the page parameter...

CVE-2024-27572

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-27572

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-27572

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-27572

CVE-2024-27572 affects LBT T300-T390 v2.2.1.8, where a stack overflow in updateCurAPlist via the ApCliSsid parameter can be triggered by a crafted POST request, causing Denial of Service (DoS). Public documents consistently describe a stack overflow in ApCliSsid affecting the device and do not pr...

CVE-2023-27572

creationtimestamp| type| source ---|---|--- 2023-04-15 07:26:22+00:00| seen| https://t.me/cibsecurity/62207...

CVE-2023-27572

An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10. A reflected XSS vulnerability was discovered in the httpsredirect.php web page via the page parameter...

CVE-2023-27572

CVE-2023-27572 concerns the CommScope Arris DG3450 Cable Gateway (AR01.02.056.18_041520_711.NCS.10). A reflected XSS vulnerability exists in the https_redirect.php page exposed via the page parameter. Affected component is the web page handling user input; under the provided data the CVSS base me...