| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35195 | Wasmtime has an out-of-bounds write or crash when transcoding component model strings | bytecodealliance | wasmtime | - | - | 2026-04-09 18:55:56 | Deep Dive |
| CVE-2026-35186 | Wasmtime has an improperly masked return value from `table.grow` with Winch compiler backend | bytecodealliance | wasmtime | - | - | 2026-04-09 18:54:49 | Deep Dive |
| CVE-2026-34988 | Wasmtime leaks data between pooling allocator instances | bytecodealliance | wasmtime | - | - | 2026-04-09 18:52:26 | Deep Dive |
| CVE-2026-34987 | Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access | bytecodealliance | wasmtime | - | - | 2026-04-09 18:48:34 | Deep Dive |
| CVE-2026-34983 | Wasmtime has a use-after-free bug after cloning `wasmtime::Linker` | bytecodealliance | wasmtime | - | - | 2026-04-09 18:47:27 | Deep Dive |
| CVE-2026-34971 | Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift | bytecodealliance | wasmtime | - | - | 2026-04-09 18:45:45 | Deep Dive |
| CVE-2026-34946 | Wasmtime's host panics when Winch compiler executes `table.fill` | bytecodealliance | wasmtime | - | - | 2026-04-09 18:43:39 | Deep Dive |
| CVE-2026-34945 | Wasmtime leaks host data with 64-bit tables and Winch | bytecodealliance | wasmtime | - | - | 2026-04-09 18:40:48 | Deep Dive |
| CVE-2026-34944 | Wasmtime segfault or unused out-of-sandbox load with `f64x2.splat` operator on x86-64 | bytecodealliance | wasmtime | - | - | 2026-04-09 18:38:16 | Deep Dive |
| CVE-2026-34943 | Wasmtime panics when lifting `flags` component value | bytecodealliance | wasmtime | - | - | 2026-04-09 18:36:51 | Deep Dive |
| CVE-2026-34942 | Wasmtime panics when transcoding misaligned utf-16 strings | bytecodealliance | wasmtime | - | - | 2026-04-09 18:32:56 | Deep Dive |
| CVE-2026-34941 | Wasmtime has a Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding | bytecodealliance | wasmtime | - | - | 2026-04-09 18:29:31 | Deep Dive |
| CVE-2026-27572 | Wasmtime can panic when adding excessive fields to a `wasi:http/types.fields` instance | bytecodealliance | wasmtime | 高危 | - | 2026-02-24 21:31:50 | Deep Dive |
| CVE-2026-27204 | Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion | bytecodealliance | wasmtime | 中危 | - | 2026-02-24 21:23:47 | Deep Dive |
| CVE-2026-27195 | Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future | bytecodealliance | wasmtime | 高危 | - | 2026-02-24 21:15:20 | Deep Dive |
| CVE-2026-24116 | Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64 | bytecodealliance | wasmtime | - | - | 2026-01-27 18:58:52 | Deep Dive |
| CVE-2025-64713 | WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode | bytecodealliance | wasm-micro-runtime | Medium | 5.1 | 2025-11-25 22:13:48 | Deep Dive |
| CVE-2025-64704 | WebAssembly Micro Runtime vulnerable to a segmentation fault in v128.store instruction | bytecodealliance | wasm-micro-runtime | Medium | 4.7 | 2025-11-25 22:06:47 | Deep Dive |
| CVE-2025-64345 | Wasmtime provides unsound API access to a WebAssembly shared linear memory | bytecodealliance | wasmtime | Low | 1.8 | 2025-11-12 21:25:51 | Deep Dive |
| CVE-2025-62711 | Wasmtime vulnerable to segfault when using component resources | bytecodealliance | wasmtime | 中危 | - | 2025-10-24 21:54:53 | Deep Dive |