Lucene search
K

970 matches found

vulnersOsv
vulnersOsv
•added 2026/04/09 8:22 p.m.•3 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-34944 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34944 Source advisory: OSV:GHSA-QQFJ-4VCM-26HV...

5.7CVSS5.4AI score0.00227EPSS
Exploits0
vulnersOsv
vulnersOsv
•added 2026/04/09 8:22 p.m.•4 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-34943 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34943 Source advisory: OSV:GHSA-M758-WJHJ-P3JQ...

7.5CVSS5.4AI score0.00324EPSS
Exploits0
OSV
OSV
•added 2026/04/09 7:16 p.m.•3 views

DEBIAN-CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.5AI score0.00278EPSS
Exploits0References1
NVD
NVD
•added 2026/04/09 7:16 p.m.•4 views

CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS0.00278EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2026/04/09 7:16 p.m.•4 views

CVE-2026-34987

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9.9CVSS5.8AI score0.00278EPSS
Exploits0References2
CVE
CVE
•added 2026/04/09 6:52 p.m.•44 views

CVE-2026-34988

Summary: CVE-2026-34988 affects Wasmtime’s pooling allocator. In certain configurations, when embedding allows specific settings, memory contents can leak between linear memories across WebAssembly instances, breaking Wasmtime’s sandbox. The issue stems from incorrect VM-permission reset logic in...

6.3CVSS5.9AI score0.00286EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
•added 2026/04/09 12:0 a.m.•5 views

PT-2026-31690

Name of the Vulnerable Software and Affected Versions Wasmtime versions 25.0.0 through 36.0.6, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may allow guest WebAssembly code to access host memory outside of its designated sandbox when using the Winch compiler backend. This...

9CVSS6.4AI score0.00278EPSS
Exploits0References11
CNNVD
CNNVD
•added 2026/04/09 12:0 a.m.•7 views

wasmtime ē¼“å†²åŒŗé”™čÆÆę¼ę“ž

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 36.0.7, 42.0.2, and 43.0.1 contained a buffer error vulnerability. This vulnerability stemmed from a flaw in the Winch compiler backend, which could allow guest Wasm access to host...

9.9CVSS6.3AI score0.00278EPSS
Exploits0References1
RedHat Linux
RedHat Linux
•added 2026/03/12 8:19 a.m.•5 views

firefox: thunderbird: Use-after-free in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: WebAssembly component...

9.8CVSS5.7AI score0.00384EPSS
Exploits0References6
GithubExploit
GithubExploit
•added 2026/03/10 5:49 a.m.•205 views

Exploit for Type Confusion in Apple Ipados

šŸ“ā€ā˜ ļø Coruna iOS Exploit Kit: CVE-2024-23222 Research !CVEh...

8.8CVSS5.9AI score0.10593EPSS
Exploits6
GithubExploit
GithubExploit
•added 2026/03/10 5:49 a.m.•204 views

Exploit for Type Confusion in Apple Ipados

šŸ“ā€ā˜ ļø Coruna iOS Exploit Kit: CVE-2024-23222 Research !CVEh...

8.8CVSS6AI score0.10593EPSS
Exploits6
GithubExploit
GithubExploit
•added 2026/03/04 2:48 p.m.•563 views

Exploit for Type Confusion in Apple Ipados

Coruna Exploit Kit - Deobfuscated CVE-2024-23222 HEAVILY B...

8.8CVSS7.7AI score0.10593EPSS
Exploits6
vulnersOsv
vulnersOsv
•added 2026/02/24 8:47 p.m.•4 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:GHSA-852M-CVVP-9P4W...

6.9CVSS5.4AI score0.00345EPSS
Exploits0
vulnersOsv
vulnersOsv
•added 2026/02/24 12:0 p.m.•5 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +105 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...

6.9CVSS5.4AI score0.00345EPSS
Exploits0
OSV
OSV
•added 2026/02/17 9:29 p.m.•8 views

GHSA-4CHV-4C6W-W254 The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

Impact The contractimpl macro contains a bug in how it wires up function calls. In Rust, you can define functions on a type in two ways: - Directly on the type as an inherent function: rust impl MyContract fn value ... - Through a trait rust impl Trait for MyContract fn value ... These are two...

7.5CVSS5.7AI score0.00317EPSS
Exploits1References7
Github Security Blog
Github Security Blog
•added 2026/02/17 9:29 p.m.•10 views

The rs-soroban-sdk #[contractimpl] macro calls inherent function instead of trait function when names collide

Impact The contractimpl macro contains a bug in how it wires up function calls. In Rust, you can define functions on a type in two ways: - Directly on the type as an inherent function: rust impl MyContract fn value ... - Through a trait rust impl Trait for MyContract fn value ... These are two...

7.5CVSS5.6AI score0.00317EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
•added 2026/02/17 12:0 a.m.•9 views

PT-2026-20342

Name of the Vulnerable Software and Affected Versions soroban-sdk-macros versions prior to 22.0.10 soroban-sdk-macros versions prior to 23.5.2 soroban-sdk-macros versions prior to 25.1.1 Description The contractimpl macro in soroban-sdk-macros has a flaw in how it manages function calls. When...

7.5CVSS5.6AI score0.00317EPSS
Exploits1References8
RedhatCVE
RedhatCVE
•added 2026/02/14 1:26 a.m.•4 views

CVE-2026-26055

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
NVD
NVD
•added 2026/02/12 10:16 p.m.•7 views

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

8.8CVSS0.004EPSS
Exploits1References1
Github Security Blog
Github Security Blog
•added 2026/02/12 10:6 p.m.•9 views

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC This vulnerability exists in the Air Traffic Controller ATC component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...

8.8CVSS6.9AI score0.004EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder