15 matches found
CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
EUVD-2018-3414
Malware in sbrugna...
EUVD-2024-54825
Malicious code in bioql PyPI...
EUVD-2024-0852
Malicious code in bioql PyPI...
EUVD-2024-16543
Malicious code in bioql PyPI...
EUVD-2025-7438
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-46054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*). CVE-2021-46054 Note th...
Important: firefox
Issue Overview: On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.1...
Linux Distros Unpatched Vulnerability : CVE-2025-8028
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computati...
CVE-2025-8028 Large branch table could lead to truncated instruction
On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...
CVE-2025-48905
Wasm exception capture vulnerability in the arkweb v8 module. Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types...
CVE-2025-1933 JIT corruption of WASM i32 return values on 64-bit CPUs
On 64-bit CPUs, when the JIT compiles WASM i32 return values, they can pick up bits from leftover memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
addr2line (=0.7.0), aether (>=0.0.1 <=0.0.3) +359 more potentially affected by unknown CVE via parity-wasm (>=0.17.0 <=0.45.0)
parity-wasm CARGO version =0.17.0, =0.0.1, =0.1.0, =0.26.1, =0.3.10, =0.0.1, =0.0.0, =0.0.1, =0.1.0, =0.4.1, =0.1.0, =0.2.0, =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0061...
DEBIAN-CVE-2019-7700
A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge...
CVE-2018-16765
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else...