973 matches found
CVE-2026-43989
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
CVE-2026-43989
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
EUVD-2026-29538
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
CVE-2026-43989
CVE-2026-43989 affects JunoClaw: prior to 0.x.y-security-1, the upload_wasm MCP tool could accept a filesystem path from the agent and upload whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. The issue is fixed in 0.x.y-security-1. Fro...
JunoClaw 输入验证错误漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the uploadwasm MCP tool accepting file system paths provided by the proxy without...
CVE-2026-8257
A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The explo...
NPM: VM2 Has a WASM Sandbox Escape (Node 25 only)
NPM: VM2 Has a WASM Sandbox Escape Node 25 only vulnerability discovered by ? in WordPress Npm vm2 versions 3.10.4...
GHSA-FFH4-J6H5-PG66 VM2 Has a WASM Sandbox Escape
Summary Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux Trigger: Attacker-controlled code passed to VM.run Requires: Node.js...
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...
CLSA-2026-1777543457 webkit2gtk3: Fix of 9 CVEs
Update to 2.50.6 to fix the following vulnerabilities WSA-2026-0001: - CVE-2025-43213: type confusion in JavaScriptCore fixed in 2.50.5 - CVE-2025-43214: out-of-bounds read in WebCore fixed in 2.50.5 - CVE-2025-43457: integer overflow in WebKit canvas rendering fixed in 2.50.6 - CVE-2025-43511:...
GHSA-82J2-J2CH-GFR8 vulnerabilities
Vulnerabilities for packages: fnm, wasmtime, nushell, kdash, uv, deno, linkerd2, sentry-cli, ztunnel-fips, mise, parseable, rustls-openssl-client, samply, buck2, shadowsocks-rust, rye, qdrant, berg, pixi, zizmor, lychee, garage, linkerd-network-validator, ztunnel, linkerd2-proxy, zola,...
Exploit for CVE-2026-30368
CVE-2026-30368 Proof of concept Introduction CVE-2026-3036...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: xh, wasm-pack, linkerd-network-validator, zola, deno, parseable, zellij, buck2, lychee, zizmor, linkerd2-proxy, sqlx, tealdeer, shadowsocks-rust, berg, cargo-audit, atuin, pixi, rustup, qdrant, linkerd-extension-init, samply, py3-xet-core, kdash, uv, rye, wasmcloud,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: xh, wasm-pack, linkerd-network-validator, zola, deno, parseable, zellij, buck2, lychee, zizmor, linkerd2-proxy, sqlx, tealdeer, shadowsocks-rust, berg, cargo-audit, atuin, pixi, rustup, qdrant, linkerd-extension-init, samply, py3-xet-core, kdash, uv, rye, wasmcloud,...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: fnm, wasmtime, kdash, uv, deno, linkerd2, sentry-cli, ztunnel-fips, mise, parseable, samply, buck2, shadowsocks-rust, rye, qdrant, berg, pixi, zizmor, lychee, garage, linkerd-network-validator, ztunnel, linkerd2-proxy, zola, linkerd2-cni-plugin, linkerd-extension-ini...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: fnm, wasmtime, kdash, uv, deno, linkerd2, sentry-cli, ztunnel-fips, mise, parseable, samply, buck2, shadowsocks-rust, rye, qdrant, berg, pixi, zizmor, lychee, garage, linkerd-network-validator, ztunnel, linkerd2-proxy, zola, linkerd2-cni-plugin, linkerd-extension-ini...
SUSE CVE-2026-34987
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...