Lucene search
K

6 matches found

CVE
CVE
added yesterday5 views

CVE-2026-54786

Summary: CVE-2026-54786 affects Wasmtime’s native WASIp1 implementation. The leak occurs in the fd_renumber path where the destination file descriptor is not properly closed, causing host-side resource and file descriptor leaks. The bug only affects runtimes that load core wasm modules and expose...

2.3CVSS5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

2.3CVSS5.7AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21918

Malicious code in bioql PyPI...

3.5CVSS6.3AI score0.00299EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2025/07/18 7:50 p.m.6 views

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

Summary A bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling fdrenumber with either: - two equal argument values - second argument being equal...

3.5CVSS6.5AI score0.00299EPSS
Exploits0References12Affected Software2
Cvelist
Cvelist
added 2025/07/18 5:10 p.m.8 views

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS0.00299EPSS
Exploits0References5
OSV
OSV
added 2025/07/18 5:10 p.m.5 views

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

3.5CVSS6.5AI score0.00299EPSS
Exploits0References7
Rows per page
Query Builder