Lucene search
+L

13 matches found

CVE
CVE
added 2026/05/12 1:58 p.m.19 views

CVE-2026-5061

The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...

4.7CVSS5.8AI score0.00109EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/17 12:0 a.m.132 views

📄 V8 Sandbox Bypass: BigInt Division Memory Corruption

This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/04/09 8:22 p.m.6 views

EUVD-2026-21023

Wasmtime segfault or unused out-of-sandbox load with f64x2.splat operator on x86-64...

4.1CVSS5.9AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 6:38 p.m.15 views

CVE-2026-34944

Wasmtime (WebAssembly runtime) prior to versions 24.0.7, 36.0.7, 42.0.2, and 43.0.1 on x86-64 with SSE3 disabled could compile f64x2.splat via Cranelift in a way that loads 8 extra bytes. When signals-based traps are disabled this may cause an uncaught segfault from unmapped guard pages. With gua...

5.7CVSS5.9AI score0.00227EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 6:38 p.m.5 views

CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can resul...

4.1CVSS5.8AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 6:38 p.m.3 views

CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can resul...

4.1CVSS5.9AI score0.00227EPSS
Exploits0References3
RustSec
RustSec
added 2026/04/09 12:0 p.m.10 views

Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on Cranelift x86-64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-qqfj-4vcm-26hv For more information see the GitHub-hosted security advisory...

5.7CVSS5.9AI score0.00227EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/02/13 5:16 p.m.12 views

CVE-2026-26268

Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent ie prompt injection could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time th...

9.9CVSS0.0049EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 6:58 p.m.17 views

CVE-2026-24116

CVE-2026-24116 affects Wasmtime (WebAssembly runtime) on x86-64 with AVX. The Cranelift-based compilation of the f64.copysign instruction may load 8 bytes too many, potentially causing an uncaught segfault when signals-based-traps are disabled and loading from guard pages occurs. Affected version...

5.5CVSS5.8AI score0.00214EPSS
Exploits0References8Affected Software1
RustSec
RustSec
added 2026/01/26 12:0 p.m.10 views

Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...

5.5CVSS5.9AI score0.00214EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/01/26 12:0 p.m.4 views

RUSTSEC-2026-0006 Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...

4.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Apple
Apple
added 2023/12/11 12:0 a.m.46 views

About the security content of watchOS 10.2

About the security content of watchOS 10.2 This document describes the security content of watchOS 10.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

8.8CVSS9.1AI score0.17823EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2006/07/28 11:22 p.m.6 views

security flaw

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...

9.3CVSS7.4AI score0.02753EPSS
Exploits0References4
Rows per page
Query Builder