Lucene search
K

2114 matches found

CNNVD
CNNVD
added 2026/02/12 12:0 a.m.9 views

yoke 代码注入漏洞

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained a code injection vulnerability. This vulnerability stemmed from the lack of proper URL validation in the Air Traffic Controller component, allowing users with the authority to create or...

8.8CVSS6.2AI score0.004EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.15 views

PT-2026-7905

Name of the Vulnerable Software and Affected Versions Yoke versions 0.18.x and earlier Description The Air Traffic Controller ATC component of Yoke lacks proper authentication mechanisms for its webhook endpoints. This allows any pod within the cluster network to send AdmissionReview requests...

9.9CVSS6AI score0.27661EPSS
Exploits45References119
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.16 views

PT-2026-7906

Name of the Vulnerable Software and Affected Versions Yoke versions 0.19.0 and earlier Description Yoke's Air Traffic Controller ATC component contains a flaw that allows users with Custom Resource CR create/update permissions to execute arbitrary WASM code. This is achieved by injecting a...

9.9CVSS6.5AI score0.27661EPSS
Exploits45References118
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.12 views

PT-2026-7268

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer a...

4.8CVSS4.9AI score0.00157EPSS
Exploits1References7
OSV
OSV
added 2026/01/27 7:16 p.m.6 views

AZL-75533 CVE-2026-24116 affecting package rust 1.75.0-24

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.6AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 7:16 p.m.3 views

UBUNTU-CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.8AI score0.00214EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2026/01/27 7:16 p.m.5 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2026/01/27 6:58 p.m.4 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.3AI score0.00214EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/27 12:48 a.m.8 views

Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

On x86-64 platforms with AVX Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled...

5.5CVSS5.9AI score0.00214EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: qtbase (CVE-2024-30161)

The version of qtbase installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30161 advisory. - In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for...

6.5CVSS5.7AI score0.00452EPSS
Exploits0References2
Fedora
Fedora
added 2026/01/21 1:31 a.m.8 views

[SECURITY] Fedora 42 Update: golang-github-tetratelabs-wazero-1.11.0-1.fc42

WebAssembly is a way to safely run code compiled in other languages. Runtimes execute WebAssembly Modules Wasm, which are most often binaries with a .wasm extension. wazero is a WebAssembly Core Specification 1.0 and 2.0 compliant runtime written in Go. It has zero dependencies, and doesn't rely ...

6.5CVSS6.7AI score0.00489EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : thunderbird-115.14.0-1.el8_10.ML.1 (AXSA:2024-8693:19)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8693:19 advisory. Thunderbird: 115.14/128.1 mozilla: Fullscreen notification dialog can be obscured by document content CVE-2024-7518 mozilla: Out of bounds memory...

9.8CVSS8.4AI score0.00602EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : firefox-102.14.0-1.el8.ML.1 (AXSA:2023-6318:29)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6318:29 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...

9.8CVSS8.8AI score0.13694EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : firefox-128.7.0-1.0.1.el7.AXS7 (AXSA:2025-9661:05)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9661:05 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox:...

9.8CVSS8.5AI score0.01196EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.13 views

MiracleLinux 9 : nodejs:18 (AXSA:2023-6525:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6525:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according to...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 8 : nodejs:18 (AXSA:2023-6526:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6526:01 advisory. HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A Asianux Security Bulletin which...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : firefox-115.14.0-2.el9_4.ML.1 (AXSA:2024-8689:27)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8689:27 advisory. Firefox: 115.14/128.1 ESR mozilla: Fullscreen notification dialog can be obscured by document content CVE-2024-7518 mozilla: Out of bounds memory...

9.8CVSS8.4AI score0.00602EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in Firefox

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

7.5CVSS7.5AI score0.0041EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 9 : thunderbird-140.5.0-2.el9_7.ML.1 (AXSA:2025-11549:27)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11549:27 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

8.8CVSS8.5AI score0.0041EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.7 views

MiracleLinux 9 : firefox-140.5.0-1.el9_7.ML.1 (AXSA:2025-11515:36)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11515:36 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

8.8CVSS8.7AI score0.0041EPSS
Exploits0References10
Rows per page
Query Builder