968 matches found
JunoClaw 输入验证错误漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the uploadwasm MCP tool accepting file system paths provided by the proxy without...
CVE-2026-8257
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The explo...
GHSA-FFH4-J6H5-PG66 VM2 Has a WASM Sandbox Escape
Summary Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux Trigger: Attacker-controlled code passed to VM.run Requires: Node.js...
NPM: VM2 Has a WASM Sandbox Escape (Node 25 only)
NPM: VM2 Has a WASM Sandbox Escape Node 25 only vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.4...
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...
CLSA-2026-1777543457 webkit2gtk3: Fix of 9 CVEs
Update to 2.50.6 to fix the following vulnerabilities WSA-2026-0001: - CVE-2025-43213: type confusion in JavaScriptCore fixed in 2.50.5 - CVE-2025-43214: out-of-bounds read in WebCore fixed in 2.50.5 - CVE-2025-43457: integer overflow in WebKit canvas rendering fixed in 2.50.6 - CVE-2025-43511:...
GHSA-82J2-J2CH-GFR8 vulnerabilities
Vulnerabilities for packages: uv, sqlx, sentry-cli, xh, nushell, shadowsocks-rust, ztunnel, cargo-audit, tealdeer, kdash, wasm-pack, zellij, ntpd-rs, linkerd2-proxy, mise, garage, linkerd-extension-init, linkerd2-cni-plugin, pixi, parseable, linkerd-network-validator, sccache, zola, ztunnel-fips,...
Exploit for CVE-2026-30368
CVE-2026-30368 Proof of concept Introduction CVE-2026-3036...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, linkerd-extension-init, wasmtime, shadowsocks-rust, atuin, tealdeer, sccache, rye, parseable, wasm-pack, ntpd-rs, xh, rustup, pixi, deno, ztunnel, cargo-audit, lychee, wasmcloud, uv, py3-xet-core, buck2, zellij, berg, linkerd2, kdash, sqlx, zola,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, linkerd-extension-init, wasmtime, shadowsocks-rust, atuin, tealdeer, sccache, rye, parseable, wasm-pack, ntpd-rs, xh, rustup, pixi, deno, ztunnel, cargo-audit, lychee, wasmcloud, uv, py3-xet-core, buck2, zellij, berg, linkerd2, kdash, sqlx, zola,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: uv, sqlx, sentry-cli, xh, shadowsocks-rust, ztunnel, cargo-audit, tealdeer, kdash, wasm-pack, zellij, ntpd-rs, linkerd2-proxy, mise, garage, linkerd-extension-init, linkerd2-cni-plugin, pixi, parseable, linkerd-network-validator, sccache, zola, ztunnel-fips, berg,...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: uv, sqlx, sentry-cli, xh, shadowsocks-rust, ztunnel, cargo-audit, tealdeer, kdash, wasm-pack, zellij, ntpd-rs, linkerd2-proxy, mise, garage, linkerd-extension-init, linkerd2-cni-plugin, pixi, parseable, linkerd-network-validator, sccache, zola, ztunnel-fips, berg,...
SUSE CVE-2026-34987
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...
Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access
Impact Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch compiler -Ccompiler=winch. By default, Wasmtime uses its Cranelift backend, not...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-35195 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-35195 Source advisory: OSV:GHSA-394W-HWHG-8VGM...
Wasmtime has host data leakage with 64-bit tables and Winch
Impact Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-34944 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34944 Source advisory: OSV:GHSA-QQFJ-4VCM-26HV...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-34943 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34943 Source advisory: OSV:GHSA-M758-WJHJ-P3JQ...
CVE-2026-34987
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...