10261 matches found
CVE-2026-27639
CVE-2026-27639 concerns Mercator, an open‑source web app for mapping information systems. A stored XSS exists in versions prior to 2026.02.22 due to unescaped Blade directives ({!! !!}) in display templates. An authenticated user with the User role can inject JavaScript into fields like “contact ...
Cisco NX-OS Software Security Vulnerability
Cisco NX-OS Software is a data center-level operating system software used by switches from the American company Cisco. There are security vulnerabilities in Cisco NX-OS Software, which stem from improper handling of specific fields in LLDP frames. These vulnerabilities may lead to unexpected...
PT-2026-21860
Name of the Vulnerable Software and Affected Versions SPIP interface traduction objets plugin versions prior to 2.2.2 SPIP interface traduction objets plugin versions 2.2.2 through 4.3.3 Description The SPIP interface traduction objets plugin contains an authenticated remote code execution issue ...
SPIP interface_traduction_objets Security Vulnerability
SPIP interface_traduction_objets is an extension plugin developed by SPIP Inc. Versions of SPIP interface_traduction_objets prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from the translation interface workflow merging untrusted request data into hidden form fields, whi...
UBUNTU-CVE-2026-27572
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...
CVE-2026-27572 Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...
CVE-2026-27572
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0, Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http...
CVE-2026-27572
Wasmtime (WebAssembly runtime) is affected by CVE-2026-27572 in the wasi:http/types.fields implementation. Prior to patched releases (Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0), the wasmtime-wasi-http crate uses a data structure that panics when the headers field set becomes excessively...
GHSA-243V-98VX-264H Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Impact Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http crate is backed by a data structure which panics when it reaches excessive capacity and this...
Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance
Impact Wasmtime's implementation of the wasi:http/types.fields resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the wasmtime-wasi-http crate is backed by a data structure which panics when it reaches excessive capacity and this...
RUSTSEC-2026-0021 Panic adding excessive fields to a `wasi:http/types.fields` instance
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h For more information see the GitHub-hosted security advisory...
Panic adding excessive fields to a `wasi:http/types.fields` instance
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h For more information see the GitHub-hosted security advisory...
wasmtime Security Vulnerability
Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions of Wasmtime prior to 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 contain security vulnerabilities. These vulnerabilities stem from the wasi:http/types Fields resource implementation, where excessive header...
Novarain/Tassos Framework, SQL Injection
allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, and Smile Pack, all relying on the...
Prototype Pollution
@trpc/server is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of FormData field names in the formDataToObject function, which allows an attacker to submit specially crafted fields that pollute Object.prototype and potentially cause authorization bypass or denial...
CVE-2026-27492
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...
CVE-2026-2907 Tenda HG9 GPON Configuration Endpoint formgponConf stack-based overflow
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgponloid/fmgponloidpassword causes stack-based buffer overflow...