Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

106 matches found

Snyk
Snykadded 2026/06/03 9:0 p.m.7 views

Malicious Package

Overview chai-val is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/21 12:36 p.m.14 views

Malicious code in chai-val (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 515e313c5420dfe9edcb88d61079fa80dbf3539da465572fde5ece42ba6ed748 The package masquerades as a pino-logger helper file structure, exports, and keywords are copied from pino but its main entry exports a middleware th...

6.5AI score
Exploits0References1
OSV
OSVadded 2026/05/21 12:36 p.m.8 views

MAL-2026-4515 Malicious code in chai-val (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 515e313c5420dfe9edcb88d61079fa80dbf3539da465572fde5ece42ba6ed748 The package masquerades as a pino-logger helper file structure, exports, and keywords are copied from pino but its main entry exports a middleware th...

6.5AI score
Exploits0References1
EUVD
EUVDadded 2026/04/24 8:28 a.m.4 views

EUVD-2026-25409

A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API kuksa.val.v2. 3. Open...

8.5CVSS5.3AI score0.00269EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 2026/04/13 11:26 p.m.4 views

SUSE CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

5.3CVSS5.8AI score0.00324EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/09 8:22 p.m.3 views

EUVD-2026-21022

Wasmtime has a possible panic when lifting flags component value...

5.6CVSS5.9AI score0.00324EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/04/09 8:22 p.m.7 views

Wasmtime has a possible panic when lifting `flags` component value

Impact Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This pani...

7.5CVSS5.7AI score0.00324EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/04/09 8:22 p.m.2 views

GHSA-M758-WJHJ-P3JQ Wasmtime has a possible panic when lifting `flags` component value

Impact Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits should be ignored but Wasmtime will panic when this value is lifted. This pani...

7.5CVSS5.7AI score0.00324EPSS
Exploits0References4
NVD
NVDadded 2026/04/09 7:16 p.m.11 views

CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

7.5CVSS0.00324EPSS
Exploits0References1
OSV
OSVadded 2026/04/09 7:16 p.m.3 views

DEBIAN-CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

7.5CVSS5.3AI score0.00324EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/09 7:16 p.m.5 views

CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2
OSV
OSVadded 2026/04/09 7:16 p.m.4 views

UBUNTU-CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/09 6:36 p.m.7 views

CVE-2026-34943

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

5.6CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/09 6:36 p.m.25 views

CVE-2026-34943 Wasmtime panics when lifting `flags` component value

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies that these bits...

5.6CVSS0.00324EPSS
Exploits0References1
CVE
CVEadded 2026/04/09 6:36 p.m.13 views

CVE-2026-34943

Wasmtime (WebAssembly runtime) has a vulnerability where lifting a flags-typed component-model value with Val can panic if bits outside the allowed flags set are present. Affected versions before fixes include 24.0.7, 36.0.7, 42.0.2, and 43.0.1; the panic occurs in Wasmtime’s Val lifting (not in ...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
CNNVD
CNNVDadded 2026/04/09 12:0 a.m.7 views

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 of Wastime contain security vulnerabilities. These vulnerabilities arise when using the Val type promotion feature to increase values of component models. If bi...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/09 12:0 a.m.3 views

PT-2026-31684

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may experience a panic when a flags-typed component model value is lifted with the Val type. This occurs if bits are set outside the...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References19
Qualys Blog
Qualys Blogadded 2026/03/23 12:45 p.m.9 views

Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI

Executive Summary The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but still drain resources. Traditional tools often fail to validate real risks. Agent Val, within Qualys Enterprise TruRisk Management, delivers thi...

6AI score
Exploits0
RedhatCVE
RedhatCVEadded 2026/03/07 7:59 a.m.5 views

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS5.8AI score0.00467EPSS
Exploits1References1
CVE
CVEadded 2026/03/06 2:51 a.m.27 views

CVE-2026-28497

TinyWeb (Delphi, Win32) before version 2.03 contains an integer overflow in the string-to-integer conversion routine (_Val) that enables an unauthenticated remote attacker to bypass Content-Length checks and perform HTTP Request Smuggling. This affects servers using persistent connections (Keep-A...

9.3CVSS6AI score0.00467EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder