Smart_Contract_Researcher_POC

Smart Contract Security Research Portfolio hailthelord...

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-46029

In the Linux kernel, CVE-2026-46029 describes a race within the slab allocator where kmalloc_nolock() called from NMI on uniprocessor (UP) configurations can re-enter the allocator and acquire n->list_lock that the interrupted context already holds, corrupting slab state and potentially causin...

PT-2026-44090

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

CVE-2026-X4992-Uniswap-PoC

CVE-2026-X4992: Uniswap V3 SwapRouter Reentrancy Vulnerability...

Astra Linux - уязвимость в qemu

A double-free vulnerability was identified in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto. The memreentrancyguard flag does not provide sufficient protection against reentrancy issues related to DMA operations. This vulnerability could allow a malicious privileged guest user ...

Astra Linux - уязвимость в qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

Astra Linux - уязвимость в qemu

A reentrancy issue related to DMA was discovered in the Tulip device emulation in QEMU. When Tulip reads from or writes to the rx/tx descriptor, or copies a rx/tx frame, it does not check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers...

Astra Linux - уязвимость в qemu

A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy trigger the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...

php-8.5.5-var_destroy-uaf

PHP 8.5.5 — vardestroy destruct reentrancy UAF Siste...

curl: Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy

Summary: curleasysslsexport iterates the SSL session list and invokes a caller-provided callback for each entry. If that callback calls curleasysslsimport on the same easy handle, the import path can evict and free the current session node while the export loop still holds it. The subsequent...

CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

GHSA-XJHV-V822-PF94 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future

The affected versions of Wasmtime can panic if the host embedder drops the future returned by wasmtime::component::TypedFunc::callasync before it resolves. Details Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of...

Abi-smuggling-exploit

Web3 Security Research Portfolio A collection of smart contra...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37914)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37914 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: ets: Fix double list add in...

MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2024-8876:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8876:01 advisory. QEMU: virtio: DMA reentrancy issue leads to double free vulnerability CVE-2024-3446 QEMU: Denial of Service via Improper Synchronization in QEMU NBD...

MiracleLinux 9 : qemu-kvm-8.0.0-16.el9.1.ML.1 (AXSA:2023-7001:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7001:07 advisory. QEMU: hcd-ehci: DMA reentrancy issue incomplete fix for CVE-2021-3750 CVE-2023-2680 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : qemu-kvm-7.0.0-13.el9 (AXSA:2023-4972:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4972:01 advisory. QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free CVE-2021-3750 QEMU: fdc: heap buffer overflow in DMA read data transfers CVE-2021-3507...

Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.7. Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called in...

CLSA-2025-1760021660 qemu-kvm: Fix of 3 CVEs

CVE-2021-3750: fix for DMA reentrancy use-after-free - CVE-2023-2680: final fix for CVE-2021-3750 - CVE-2023-0330: fix reentrancy in LSI53c895a SCSI controller...