Lucene search
+L

98 matches found

github
github
added 2026/02/24 8:47 p.m.15 views

Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion

Impact Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested by the guests. This serves as a Denial of Service vector where a guest can induce a range of...

6.9CVSS6AI score0.00345EPSS
Exploits0References10Affected Software1
vulnersosv
vulnersosv
added 2026/02/24 8:47 p.m.4 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:GHSA-852M-CVVP-9P4W...

6.9CVSS5.4AI score0.00345EPSS
Exploits0
rustsec
rustsec
added 2026/02/24 12:0 p.m.9 views

Panic adding excessive fields to a `wasi:http/types.fields` instance

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h For more information see the GitHub-hosted security advisory...

7.5CVSS5.3AI score0.00466EPSS
Exploits0Affected Software1
vulnersosv
vulnersosv
added 2026/02/24 12:0 p.m.5 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...

6.9CVSS5.4AI score0.00345EPSS
Exploits0
osv
osv
added 2026/02/24 12:0 p.m.6 views

RUSTSEC-2026-0021 Panic adding excessive fields to a `wasi:http/types.fields` instance

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h For more information see the GitHub-hosted security advisory...

6.9CVSS5.4AI score0.00466EPSS
Exploits0References3
packetstormnews
packetstormnews
added 2026/01/03 12:0 a.m.20 views

MCP-SandboxScan: WASM-Based Secure Execution and Runtime Analysis for MCP Tools

Tool-augmented LLM agents raise new security risks: tool executions can introduce runtime-only behaviors, including prompt injection and unintended exposure of external inputs e.g., environment secrets or local files. While existing scanners often focus on static artifacts, analyzing runtime...

7AI score
Exploits0
ptsecurity
ptsecurity
added 2026/01/01 12:0 a.m.5 views

PT-2026-21806

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.6 Wasmtime versions prior to 36.0.6 Wasmtime version 4.0.04 Wasmtime versions prior to 41.0.4 Wasmtime versions prior to 42.0.0 Description Wasmtime's implementation of the wasi:http/types.fields resource is...

7.5CVSS5.2AI score0.00466EPSS
Exploits0References21
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1924

Malicious code in bioql PyPI...

2.9CVSS6.3AI score0.002EPSS
Exploits0References4
packetstormnews
packetstormnews
added 2025/09/14 12:0 a.m.7 views

Exploring and Exploiting the Resource Isolation Attack Surface of WebAssembly Containers

Recently, the WebAssembly or Wasm technology has been rapidly evolving, with many runtimes actively under development, providing cross-platform secure sandboxes for Wasm modules to run as portable containers. Compared with Docker, which isolates applications at the operating system level, Wasm...

7AI score
Exploits0
nessus
nessus
added 2025/08/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-53901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions ca...

3.5CVSS5.6AI score0.00299EPSS
Exploits0References3
susecve
susecve
added 2025/07/24 11:22 p.m.3 views

SUSE CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS6.8AI score0.00299EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2025/07/18 7:50 p.m.3 views

auto-wasi (=0.1.0), deterministic-wasi-ctx (>=0.1.1 <=0.1.14) +53 more potentially affected by CVE-2025-53901 via wasmtime-wasi (>=0.10.0 <=1.0.2)

wasmtime-wasi CARGO version =0.10.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.1.0, =0.1.0, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =0.7.0, =0.9.2 and more Source cves: CVE-2025-53901 Source advisory: OSV:GHSA-FM79-3F68-H2FC...

3.5CVSS5.8AI score0.00299EPSS
Exploits0
osv
osv
added 2025/07/18 6:15 p.m.6 views

UBUNTU-CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS5.8AI score0.00299EPSS
Exploits0References7
vulnersosv
vulnersosv
added 2025/06/17 3:37 p.m.7 views

candid-extractor (>=0.1.0 <=0.1.2), debug-engine (>=0.1.0 <=0.1.1) +69 more potentially affected by unknown CVE via wasmtime-jit-debug (>=0.35.0 <=1.0.2)

wasmtime-jit-debug CARGO version =0.35.0, =0.1.0, =0.1.0, =0.1.3, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.0.6, =0.11.0, =0.9.0, =0.9.0, =0.9.0, =0.10.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9GHP-W2HM-VFPF...

5.8AI score
Exploits0
ossf
ossf
added 2025/06/15 8:1 p.m.2 views

Malicious code in wasm-wasi-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 320ad464f0780881fe134c1e9990c2e1a180a2ab4b6b103e26439d8861709021 Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
osv
osv
added 2025/06/15 8:1 p.m.1 views

MAL-2025-5067 Malicious code in wasm-wasi-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 320ad464f0780881fe134c1e9990c2e1a180a2ab4b6b103e26439d8861709021 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
vulnersosv
vulnersosv
added 2024/11/05 12:0 p.m.4 views

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +93 more potentially affected by CVE-2024-51756 via cap-primitives (>=0.10.0 <=3.0.0)

cap-primitives CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.0, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2024-51756 Source advisory: OSV:RUSTSEC-2024-0445...

2.3CVSS5.8AI score0.0056EPSS
Exploits0
vulnersosv
vulnersosv
added 2024/11/02 12:0 p.m.10 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...

10CVSS5.4AI score0.00812EPSS
Exploits0
vulnersosv
vulnersosv
added 2024/10/24 12:0 p.m.4 views

b4ae (>=2.0.0 <=2.1.3), clatter (>=0.1.2-alpha <=2.0.0-rc.1) +26 more potentially affected by unknown CVE via pqcrypto-kyber (>=0.1.2 <=0.8.1)

pqcrypto-kyber CARGO version =0.1.2, =2.0.0, =0.1.2-alpha, =0.1.4, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.5.0 - qux-pqc =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0381...

5.5AI score
Exploits0
osv
osv
added 2024/07/26 4:53 p.m.5 views

MAL-2025-1004 Malicious code in wasi8787878 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e7e8dad2dca9000e3bd94355a78838c2c9448aac766722cfd54aba1fc5c2cd43 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
Rows per page
Query Builder