Lucene search
K

2121 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-55782

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS0.00113EPSS
Exploits0References5
NVD
NVD
added 3 days ago7 views

CVE-2026-55783

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS0.00112EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-55783

NanaZip (a 7‑Zip derivative) is affected prior to version 6.5.1749.0. The in‑house IInArchive handlers in NanaZip.Codecs dereference the caller‑supplied Indices array during Extract when Indices is NULL and NumItems is 0xFFFFFFFF, in the code path for a full archive extraction (Test or Extract al...

2.4CVSS6.1AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42955

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS6.1AI score0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS0.00112EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-55782

NanaZip (a 7-Zip derivative) is affected by an unbounded memory allocation vulnerability in its WebAssembly archive handler (NanaZip.Codecs.Archive.WebAssembly.cpp). The issue arises when buffers are allocated from attacker-controlled 32-bit section and custom-name length fields without cross-che...

2.4CVSS6.1AI score0.00113EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3;...

5CVSS5.9AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS5.7AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 8:17 p.m.5 views

CVE-2026-58592

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS0.00311EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 8:12 p.m.37 views

CVE-2026-54786 Wasmtime: Leak in WASIp1 `fd_renumber` implementation

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

2.3CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:27 p.m.8 views

EUVD-2026-41130

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 7:27 p.m.35 views

CVE-2026-58592 Ladybird - Web-Reachable Code Execution via Dangling FunctionType Reference in WebAssembly ESM Integration

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS0.00311EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 7:27 p.m.21 views

CVE-2026-58592

Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:27 p.m.6 views

CVE-2026-58592

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.7 views

CVE-2026-12321

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript: WebAssembly component...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in Firefox, Thunderbird

A use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS6.1AI score0.00384EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.8 views

SUSE CVE-2026-12321

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 1:16 p.m.16 views

CVE-2026-12321

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS0.00159EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:16 p.m.4 views

UBUNTU-CVE-2026-12321

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.4CVSS5.8AI score0.00159EPSS
Exploits0References3
Rows per page
Query Builder