2121 matches found
CVE-2026-55782
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...
CVE-2026-55783
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
CVE-2026-55783
NanaZip (a 7‑Zip derivative) is affected prior to version 6.5.1749.0. The in‑house IInArchive handlers in NanaZip.Codecs dereference the caller‑supplied Indices array during Extract when Indices is NULL and NumItems is 0xFFFFFFFF, in the code path for a full archive extraction (Test or Extract al...
EUVD-2026-42955
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
CVE-2026-55782
NanaZip (a 7-Zip derivative) is affected by an unbounded memory allocation vulnerability in its WebAssembly archive handler (NanaZip.Codecs.Archive.WebAssembly.cpp). The issue arises when buffers are allocated from attacker-controlled 32-bit section and custom-name length fields without cross-che...
Linux Distros Unpatched Vulnerability : CVE-2026-54786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3;...
UBUNTU-CVE-2026-54786
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
CVE-2026-54786
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
CVE-2026-58592
Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...
CVE-2026-54786 Wasmtime: Leak in WASIp1 `fd_renumber` implementation
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
EUVD-2026-41130
Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...
CVE-2026-58592 Ladybird - Web-Reachable Code Execution via Dangling FunctionType Reference in WebAssembly ESM Integration
Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...
CVE-2026-58592
Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...
CVE-2026-58592
Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...
CVE-2026-12321
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript: WebAssembly component...
Astra Linux – Vulnerability in Firefox, Thunderbird
A use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
SUSE CVE-2026-12321
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12321
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
UBUNTU-CVE-2026-12321
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...