Lucene search
K

65 matches found

OSV
OSV
added last week3 views

CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6.1AI score0.00119EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3;...

5CVSS5.9AI score0.00217EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 9:17 p.m.4 views

UBUNTU-CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS5.7AI score0.00217EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 7:47 p.m.2 views

CVE-2026-47261 Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS5.9AI score0.00357EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

SAMSUNG Walrus 代码问题漏洞

SAMSUNG Walrus is a WebAssembly runtime engine developed by South Korea’s Samsung Corporation. There is a code vulnerability in SAMSUNG Walrus, which stems from null pointer dereferencing, potentially leading to pointer-related issues...

5.5CVSS5.9AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/09 11:4 p.m.7 views

CVE-2026-34943

A flaw was found in Wasmtime, a runtime for WebAssembly. A malicious guest can exploit an issue where a flags-typed component model value, containing unexpected bit settings, causes the host system to panic during processing. This vulnerability can lead to a Denial of Service DoS, rendering the...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.7 views

CVE-2026-35195

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This...

6.1CVSS5.9AI score0.00216EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.4 views

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/09 6:52 p.m.5 views

CVE-2026-34988

Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents of linear memory can be leaked from one instance to the next. The implementation of resetting the...

6.3CVSS5.4AI score0.00286EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/09 6:38 p.m.5 views

CVE-2026-34944 Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can resul...

4.1CVSS5.8AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 6:29 p.m.27 views

CVE-2026-34941

Wasmtime (WebAssembly runtime) contains a heap OOB read during transcoding of UTF-16 to the latin1+utf16 component-model encoding. The bug stems from validating the input length by code units instead of by byte length, causing reads beyond the WebAssembly linear memory during bounds checking. In ...

8.1CVSS5.9AI score0.00376EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31684

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may experience a panic when a flags-typed component model value is lifted with the Val type. This occurs if bits are set outside the...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31689

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.9AI score0.00117EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:37 a.m.8 views

Security Bulletin: Denial-of-Service Vulnerability in WebAssembly Micro Runtime (WAMR) LLVM-JIT Mode (≤ v2.4.1) affects watsonx.data

Summary A vulnerability in WebAssembly Micro Runtime WAMR prior to v2.4.2 causes the runtime to hang or crash when executing WebAssembly programs with memory.fill instructions targeting addresses ≥ 2 GiB in LLVM-JIT mode. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-58749...

7.4CVSS5.8AI score0.00344EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/02/24 10:16 p.m.6 views

UBUNTU-CVE-2026-27204

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested...

6.9CVSS5.8AI score0.00345EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/02/24 9:23 p.m.5 views

CVE-2026-27204 Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of WASI host interfaces are susceptible to guest-controlled resource exhaustion on the host. Wasmtime did not appropriately place limits on resource allocations requested...

6.9CVSS5.9AI score0.00345EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/01/27 6:58 p.m.4 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.3AI score0.00214EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2025/12/30 8:16 p.m.6 views

CVE-2025-69261

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue...

7.5CVSS5.8AI score0.00285EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/12/30 7:43 p.m.9 views

CVE-2025-69261

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue...

7.5CVSS5.2AI score0.00285EPSS
Exploits0
Rows per page
Query Builder