14 matches found
Chromium: CVE-2026-10015 Integer overflow in WTF
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
PT-2026-44571
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: An integer overflow in WTF allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. Recommendations: Update to version 148.0.7778.216 ...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
Malicious code in tracking-wtf (npm)
Source: ghsa-malware 7f6c419e01391037aa9cad91f15a45a36a535cf2a7cee66dfe6a8814f2da5eec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11013 Malicious code in tracking-wtf (npm)
Source: ghsa-malware 7f6c419e01391037aa9cad91f15a45a36a535cf2a7cee66dfe6a8814f2da5eec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Snapshot fuzzing direct composition with WTF
Cisco Talos has developed a custom fuzzer using the popular snapshot fuzzer "WTF" which targets Direct Composition in Windows. Talos vulnerability research team used Protocol Buffers developed by Google to serialize and deserialize test cases. The Bochscpu backend of WTF was patched and other...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
CVE-2019-15716
CVE-2019-15716 affects the WTF utility prior to version 0.19.0, where the permissions on the sensitive file config.yml may be misconfigured, enabling local attackers to read passwords or API keys. The issue is rooted in improper access controls for this config file. Public documentation confirms ...
CVE-2019-15716
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsafe OS defaults...
Flerken - Obfuscated Command Detection Tool
Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile,...
CVE-2018-13510
The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
Design/Logic Flaw
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions...
CVE-2009-3933
CVE-2009-3933 affects WebKit as used in Google Chrome versions prior to 3.0.195.32. The issue is a denial of service caused by a CPU-consuming hot path when a web page calls JavaScript setInterval, triggered by an incompatibility between the WTF::currentTime and base::Time functions. The vulnera...