Lucene search
+L

973 matches found

RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.10 views

CVE-2026-43989

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 5:16 p.m.34 views

CVE-2026-43989

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 4:21 p.m.11 views

EUVD-2026-29538

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 4:21 p.m.7 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 4:21 p.m.55 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS0.00147EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 4:21 p.m.25 views

CVE-2026-43989

CVE-2026-43989 affects JunoClaw: prior to 0.x.y-security-1, the upload_wasm MCP tool could accept a filesystem path from the agent and upload whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. The issue is fixed in 0.x.y-security-1. Fro...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

JunoClaw 输入验证错误漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the uploadwasm MCP tool accepting file system paths provided by the proxy without...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/11 12:0 a.m.10 views

CVE-2026-8257

A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The explo...

5.5CVSS5.4AI score0.00159EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/05/05 4:44 p.m.11 views

NPM: VM2 Has a WASM Sandbox Escape (Node 25 only)

NPM: VM2 Has a WASM Sandbox Escape Node 25 only vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.4...

9.8CVSS6AI score0.00921EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/05 4:44 p.m.8 views

GHSA-FFH4-J6H5-PG66 VM2 Has a WASM Sandbox Escape

Summary Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux Trigger: Attacker-controlled code passed to VM.run Requires: Node.js...

9.8CVSS6.2AI score0.00921EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/04 4:37 p.m.7 views

CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

9.8CVSS6AI score0.00921EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/04 4:37 p.m.36 views

CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

9.8CVSS0.00921EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 10:10 a.m.10 views

CLSA-2026-1777543457 webkit2gtk3: Fix of 9 CVEs

Update to 2.50.6 to fix the following vulnerabilities WSA-2026-0001: - CVE-2025-43213: type confusion in JavaScriptCore fixed in 2.50.5 - CVE-2025-43214: out-of-bounds read in WebCore fixed in 2.50.5 - CVE-2025-43457: integer overflow in WebKit canvas rendering fixed in 2.50.6 - CVE-2025-43511:...

8.8CVSS5.9AI score0.00961EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/04/25 7:17 a.m.11 views

GHSA-82J2-J2CH-GFR8 vulnerabilities

Vulnerabilities for packages: fnm, wasmtime, nushell, kdash, uv, deno, linkerd2, sentry-cli, ztunnel-fips, mise, parseable, rustls-openssl-client, samply, buck2, shadowsocks-rust, rye, qdrant, berg, pixi, zizmor, lychee, garage, linkerd-network-validator, ztunnel, linkerd2-proxy, zola,...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/22 3:40 a.m.180 views

Exploit for CVE-2026-30368

CVE-2026-30368 Proof of concept Introduction CVE-2026-3036...

5.7AI score0.00346EPSS
Exploits1
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.22 views

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: xh, wasm-pack, linkerd-network-validator, zola, deno, parseable, zellij, buck2, lychee, zizmor, linkerd2-proxy, sqlx, tealdeer, shadowsocks-rust, berg, cargo-audit, atuin, pixi, rustup, qdrant, linkerd-extension-init, samply, py3-xet-core, kdash, uv, rye, wasmcloud,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/04/17 8:0 p.m.10 views

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: xh, wasm-pack, linkerd-network-validator, zola, deno, parseable, zellij, buck2, lychee, zizmor, linkerd2-proxy, sqlx, tealdeer, shadowsocks-rust, berg, cargo-audit, atuin, pixi, rustup, qdrant, linkerd-extension-init, samply, py3-xet-core, kdash, uv, rye, wasmcloud,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.8 views

GHSA-XGP8-3HG3-C2MH vulnerabilities

Vulnerabilities for packages: fnm, wasmtime, kdash, uv, deno, linkerd2, sentry-cli, ztunnel-fips, mise, parseable, samply, buck2, shadowsocks-rust, rye, qdrant, berg, pixi, zizmor, lychee, garage, linkerd-network-validator, ztunnel, linkerd2-proxy, zola, linkerd2-cni-plugin, linkerd-extension-ini...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/17 7:17 p.m.8 views

GHSA-965H-392X-2MH5 vulnerabilities

Vulnerabilities for packages: fnm, wasmtime, kdash, uv, deno, linkerd2, sentry-cli, ztunnel-fips, mise, parseable, samply, buck2, shadowsocks-rust, rye, qdrant, berg, pixi, zizmor, lychee, garage, linkerd-network-validator, ztunnel, linkerd2-proxy, zola, linkerd2-cni-plugin, linkerd-extension-ini...

5.3AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.10 views

SUSE CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.8AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder