PT-2026-23053

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.159 Description An improper implementation in WebAssembly in Google Chrome prior to version 145.0.7632.159 allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page. The...

EUVD-2017-6881

Malware in sbrugna...

EUVD-2024-2985

Malicious code in bioql PyPI...

CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

CVE-2023-51661

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...

Mozilla: Content process crash due to invalid wasm code

The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...

CVE-2023-27115

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::catcomputesize...

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...