13 matches found
CVE-2026-5061
The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...
📄 V8 Sandbox Bypass: BigInt Division Memory Corruption
This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...
EUVD-2026-21023
Wasmtime segfault or unused out-of-sandbox load with f64x2.splat operator on x86-64...
CVE-2026-34944
Wasmtime (WebAssembly runtime) prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 on x86-64 with SSE3 disabled could compile f64x2.splat via Cranelift in a way that loads 8 extra bytes. When signals-based traps are disabled this may cause an uncaught segfault from unmapped guard pages. With gua...
CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can resul...
CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can resul...
Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv For more information see the GitHub-hosted security advisory...
CVE-2026-26268
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...
CVE-2026-24116
CVE-2026-24116 affects Wasmtime (WebAssembly runtime) on x86-64 with AVX. The Cranelift-based compilation of the f64.copysign instruction may load 8 bytes too many, potentially causing an uncaught segfault when signals-based-traps are disabled and loading from guard pages occurs. Affected version...
Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...
RUSTSEC-2026-0006 Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...
About the security content of watchOS 10.2
About the security content of watchOS 10.2 This document describes the security content of watchOS 10.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...
security flaw
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...