CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/04/13 11:26 p.m.•3 views

SUSE CVE-2026-34946

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture...

7.5CVSS5.8AI score0.00018EPSS

SUSE CVE•added 2026/04/10 11:25 p.m.•2 views

SUSE CVE-2026-34942

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

6.5CVSS5.8AI score0.00018EPSS

OSV•added 2026/04/09 8:23 p.m.•3 views

GHSA-HFR4-7C6C-48W2 Wasmtime has use-after-free bug after cloning `wasmtime::Linker`

Impact In version 43.0.0 of the wasmtime crate, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. The typical symptom of this...

1CVSS5.8AI score0.00006EPSS

Exploits0References4

EUVD•added 2026/04/09 8:23 p.m.•2 views

EUVD-2026-21029

Wasmtime has use-after-free bug after cloning wasmtime::Linker...

1CVSS5.9AI score0.00006EPSS

OSV•added 2026/04/09 8:23 p.m.•1 views

GHSA-Q49F-XG75-M9XW Wasmtime has host panic when Winch compiler executes `table.fill`

Impact Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture, and cause the host to panic. This represents a denial-of-service vulnerability i...

7.5CVSS5.8AI score0.00018EPSS

Exploits0References4

OSV•added 2026/04/09 7:16 p.m.•2 views

DEBIAN-CVE-2026-34983

5CVSS5.4AI score0.00006EPSS

PyPA•added 2026/04/09 7:16 p.m.•6 views

PYSEC-2026-151

Exploits0References1Affected Software1

OSV•added 2026/04/09 7:16 p.m.•1 views

DEBIAN-CVE-2026-34946

7.5CVSS5.4AI score0.00018EPSS

NVD•added 2026/04/09 7:16 p.m.•4 views

CVE-2026-34983

5CVSS0.00006EPSS

OSV•added 2026/04/09 7:16 p.m.•3 views

PYSEC-2026-151

UbuntuCve•added 2026/04/09 7:16 p.m.•3 views

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.5CVSS5.8AI score0.00014EPSS

Exploits0References2

UbuntuCve•added 2026/04/09 7:16 p.m.•4 views

CVE-2026-34988

Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...

6.3CVSS5.8AI score0.00011EPSS

Exploits0References2

OSV•added 2026/04/09 7:16 p.m.•4 views

UBUNTU-CVE-2026-34988

6.3CVSS5.8AI score0.00011EPSS

UbuntuCve•added 2026/04/09 7:16 p.m.•4 views

CVE-2026-34983

OSV•added 2026/04/09 7:16 p.m.•3 views

Exploits0References2

UBUNTU-CVE-2026-34983

Vulnrichment•added 2026/04/09 6:54 p.m.•2 views

CVE-2026-35186 Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally i...

6.1CVSS5.7AI score0.00054EPSS