607 matches found
CVE-2026-57243
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...
CVE-2026-57243
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...
CVE-2026-57243 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...
CVE-2026-57243
CVE-2026-57243 affects Foxit PDF Editor/Reader. A JavaScript reentrancy during page opening and form formatting leads to an inconsistent document status and, with outdated page information, the application accesses invalid addresses, causing a crash. Current details describe the vulnerable operat...
EUVD-2026-42208
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...
curl: Use-after-free in `mev_forget_socket` when `curl_easy_pause()` is called from a `CURL_POLL_REMOVE` socket callback (incomplete fix of CVE-2026-9080)
Summary libcurl's event interface lets the application's socket callback CURLMOPTSOCKETFUNCTION call curleasypause. CVE-2026-9080 was issued for a use-after-free that this triggers, and the fix added a post-callback re-fetch of the socket-hash entry in the UPDATE leg mevshentryupdate,...
Astra Linux – Vulnerability in Qemu
A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy trigger the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the Tulip device emulation in QEMU. When Tulip reads from or writes to the rx/tx descriptor, or copies a rx/tx frame, it does not check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers...
Astra Linux – Vulnerability in Qemu
A double-free vulnerability was identified in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto. The memreentrancyguard flag does not provide sufficient protection against reentrancy issues related to DMA operations. This vulnerability could allow a malicious privileged guest user ...
Smart_Contract_Researcher_POC
Smart Contract Security Research Portfolio hailthelord...
CVE-2026-48066
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...
CVE-2026-46029
In the Linux kernel, CVE-2026-46029 describes a race within the slab allocator where kmalloc_nolock() called from NMI on uniprocessor (UP) configurations can re-enter the allocator and acquire n->list_lock that the interrupted context already holds, corrupting slab state and potentially causin...
PT-2026-44090
pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...
CVE-2026-X4992-Uniswap-PoC
CVE-2026-X4992: Uniswap V3 SwapRouter Reentrancy Vulnerability...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: A double addition of a classifier was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the parent qdisc’s enqueue...
php-8.5.5-var_destroy-uaf
PHP 8.5.5 — vardestroy destruct reentrancy UAF Siste...
curl: Use-after-free in `curl_easy_ssls_export()` during callback re-entrancy
Summary: curleasysslsexport iterates the SSL session list and invokes a caller-provided callback for each entry. If that callback calls curleasysslsimport on the same easy handle, the import path can evict and free the current session node while the export loop still holds it. The subsequent...
CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...
GHSA-XJHV-V822-PF94 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
The affected versions of Wasmtime can panic if the host embedder drops the future returned by wasmtime::component::TypedFunc::callasync before it resolves. Details Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of...