CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can resul...

UBUNTU-CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

Calibre 代码问题漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer in India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.6.0, there were code-related vulnerabilities. These vulnerabilities stemmed from a server-side reques...

Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

On x86-64 platforms with AVX Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled...

CVE-2025-58484

Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox...

CVE-2025-58484

Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox...

CVE-2025-58484

Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox...

CVE-2025-58484

CVE-2025-58484 affects Samsung Cloud Assistant prior to 8.0.03.8. The root cause is incorrect default permissions, enabling a local attacker to access partial data in the sandbox. Impact is local sandbox exposure. Remediation: upgrade to 8.0.03.8 or later.

CVE-2025-58484

Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox...

PT-2025-48602

Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox...

SAMSUNG Cloud Assistant 安全漏洞

SAMSUNG Cloud Assistant is a component of Samsung South Korea that manages and coordinates data synchronization between devices and Samsung Cloud Services. A security vulnerability exists in SAMSUNG Cloud Assistant versions prior to 8.0.03.8, which stems from improperly set default permissions, a...

EUVD-2015-5695

Malware in sbrugna...

EUVD-2023-46986

Malicious code in bioql PyPI...

EUVD-2023-47002

Malicious code in bioql PyPI...

Metabase 0.44.x < 0.44.7 / 0.45.x < 0.45.4 / 0.46.x < 0.46.3 / 1.44.x < 1.44.7 / 1.45.x < 1.45.4 / 1.46.x < 1.46.3

The version of Metabase installed on the remote host is affected by an access control vulnerability. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that...

CVE-2023-42569

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji...

CVE-2023-42553

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email...

PT-2025-2135 · WordPress · Sandbox

Name of the Vulnerable Software and Affected Versions: The Sandbox plugin for WordPress versions up to, and including, 0.4 Description: The issue arises from a missing capability check on the export download action, allowing authenticated attackers with Subscriber-level access and above to downlo...

CVE-2023-42569

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji...

CVE-2023-42569

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji...