Lucene search
K

74105 matches found

RedhatCVE
RedhatCVE
added 2026/04/09 11:4 p.m.5 views

CVE-2026-34945

A flaw was found in Wasmtime's Winch compiler. This vulnerability, present in versions from 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, arises from an incorrect translation of the table.size instruction for 64-bit WebAssembly tables. An attacker, by crafting a malicious WebAssembly guest, could...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 11:0 p.m.1 views

CVE-2026-5988 Tenda F451 AdvSetWrlsafeset formWrlsafeset stack-based overflow

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mitssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...

9CVSS8AI score0.00511EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 11:0 p.m.9 views

CVE-2026-5988

Tenda F451 1.0.0.7 is affected by CVE-2026-5988 in the function formWrlsafeset (/goform/AdvSetWrlsafeset). Manipulating the mit_ssid argument causes a stack-based buffer overflow. The vulnerability can be exploited remotely and the exploit is public. No remediation details are provided in the sup...

9CVSS7.8AI score0.00511EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 10:53 p.m.1 views

CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

5.9CVSS6.2AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 10:53 p.m.17 views

CVE-2026-5295

The CVE describes a stack buffer overflow in wolfSSL’s PKCS7 code (wc_PKCS7_DecryptOri() in wolfcrypt/src/pkcs7.c) when handling CMS EnvelopedData with an OtherRecipientInfo (ORI) recipient. A parsed OID longer than 32 bytes is copied into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) without...

8CVSS6.3AI score0.00175EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/04/09 10:53 p.m.3 views

CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

8CVSS5.7AI score0.00175EPSS
Exploits0
OSV
OSV
added 2026/04/09 10:16 p.m.4 views

UBUNTU-CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS6AI score0.00228EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 9:50 p.m.24 views

CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

2.1CVSS0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:50 p.m.2 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

2.1CVSS6AI score0.00228EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/09 9:50 p.m.3 views

CVE-2026-5772

A 1-byte stack buffer over-read was identified in the MatchDomainName function src/internal.c during wildcard hostname validation when the LEFTMOSTWILDCARDONLY flag is active. If a wildcard exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check,...

5.3CVSS5.4AI score0.00228EPSS
Exploits0
EUVD
EUVD
added 2026/04/09 8:23 p.m.7 views

EUVD-2026-21024

Wasmtime has host data leakage with 64-bit tables and Winch...

2.3CVSS5.9AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 8:23 p.m.3 views

GHSA-M9W2-8782-2946 Wasmtime has host data leakage with 64-bit tables and Winch

Impact Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 7:16 p.m.6 views

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.5CVSS0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 7:16 p.m.2 views

DEBIAN-CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.5CVSS5.5AI score0.00324EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.6 views

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 7:16 p.m.3 views

UBUNTU-CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:40 p.m.6 views

CVE-2026-34945

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

2.3CVSS5.9AI score0.00324EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 6:40 p.m.18 views

CVE-2026-34945 Wasmtime leaks host data with 64-bit tables and Winch

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...

2.3CVSS0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 4:16 p.m.2 views

CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS0.00163EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 4:16 p.m.0 views

DEBIAN-CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS5.9AI score0.00163EPSS
Exploits0References1
Rows per page
Query Builder