These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-8916 is an out-of-bounds write vulnerability in Samsung Open Source rlottie, which allows for an overflow of buffers. The vulnerability has a CVSS v3.1 score of 6.1 and a severity of MEDIUM. It was published on 2026-06-04T10:16:40.363Z and last modified on 2026-06-04T15:27:23.470Z. The vulnerability affects rlottie versions before dcfde72eae1b0464dc0dd760aec00ada6a148635. Users can refer to [ref- [truncated]
CVE-2026-49510 is a MEDIUM severity vulnerability (CVSS Score: 6.1) affecting Samsung Open Source rlottie before version 21292665023e5074b38254432716866d00f1985f. This issue, published on 2026-06-04T10:16:39.457Z and modified on 2026-06-04T15:27:23.470Z, is an integer overflow or wraparound vulnerability which could allow for Integer Attacks.
CVE-2026-47320 is a vulnerability in Samsung Open Source rlottie, affecting versions before eae37633fda13ac05b25c6c95aacea4bc33c80a3. This issue involves an access of uninitialized pointer and uncontrolled recursion, potentially leading to pointer manipulation and oversized serialized data payloads. The vulnerability has a CVSS score of 6.1 and is classified as MEDIUM severity.
A stack-based buffer overflow vulnerability was discovered in Samsung Open Source rlottie, which could potentially lead to an overflow of buffers. This issue affects rlottie versions before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. The vulnerability has a CVSS score of 6.1 and a severity of MEDIUM.
A MEDIUM severity vulnerability, CVE-2026-47306, was found in Samsung Open Source rlottie, affecting versions before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. This issue is caused by an Uncontrolled Recursion vulnerability, which allows Oversized Serialized Data Payloads. The CVSS score for this vulnerability is 6.1.
CVE-2026-10305 is an out-of-bounds read vulnerability in Samsung Open Source rlottie that allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. The vulnerability has a CVSS score of 6.1 and a severity of MEDIUM.
CVE-2026-8915 is a high-severity out-of-bounds write vulnerability in Samsung Open Source Escargot, a JavaScript engine. The vulnerability allows for buffer overflow conditions and affects commit 36f5fb58366a67b713c02f6fd985e924fcc09e31. The CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates network attack vector with low complexity, no privileges required, user interaction required, an [truncated]
## Summary CVE-2026-47317 documents an Uncontrolled Recursion vulnerability in Samsung Open Source Escargot, a JavaScript engine, that can lead to Excessive Allocation. The vulnerability affects Escargot commit 590345cc6258317c5da850d846ce6baaf2afc2d3. The issue was published on 2026-05-19 and is currently undergoing analysis by NVD. A fix has been proposed via pull request.
CVE-2026-47316 is a medium-severity vulnerability (CVSS 5.5) in Samsung's open-source JavaScript engine, Escargot. The flaw stems from improper handling of exceptional conditions (CWE-703), enabling input data manipulation. The vulnerability affects Escargot at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. Published on 2026-05-19, this issue is currently undergoing analysis in the NVD. A pull request a [truncated]
CVE-2026-47315 is a medium-severity vulnerability (CVSS 5.5) in Samsung Open Source Escargot, a JavaScript engine. The flaw involves an improper check for unusual or exceptional conditions (CWE-754), allowing input data manipulation. The vulnerability affects Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3. The CVE was published on 2026-05-19 and is currently undergoing analysis per NVD status. [truncated]
CVE-2026-47314 is a high-severity out-of-bounds write vulnerability in Samsung Open Source Escargot, a JavaScript engine. The vulnerability allows for buffer overflow conditions and affects Escargot at commit 590345cc6258317c5da850d846ce6baaf2afc2d3. The issue was published on 2026-05-19 and is currently undergoing analysis by NVD. A pull request has been submitted to address the vulnerability.
A memory allocation vulnerability in Samsung's Escargot JavaScript engine allows excessive allocation, potentially causing denial of service through local attack vectors. The vulnerability affects commit 590345cc6258317c5da850d846ce6baaf2afc2d3 of the Escargot project. Samsung's PSIRT has identified this as CWE-789 (Memory Allocation with Excessive Size Value). A fix has been proposed via pull request. Th [truncated]
A use-after-free vulnerability in Samsung's Escargot JavaScript engine allows local attackers to cause denial of service through buffer manipulation. The issue affects a specific commit (590345cc6258317c5da850d846ce6baaf2afc2d3) of the open-source project. A fix has been proposed via pull request.
A heap-based buffer overflow vulnerability exists in Samsung Open Source Escargot, a JavaScript engine. The vulnerability affects commit 590345cc6258317c5da850d846ce6baaf2afc2d3 and is classified as CWE-122 (Heap-based Buffer Overflow). The CVSS 3.1 vector indicates a local attack vector requiring user interaction, with high impacts to confidentiality, integrity, and availability. Samsung's PSIRT has iden [truncated]
A use-after-free vulnerability in Samsung's Escargot JavaScript engine allows pointer manipulation, potentially enabling arbitrary code execution. The vulnerability affects commit 590345cc6258317c5da850d846ce6baaf2afc2d3. A fix has been proposed via pull request.
CVE-2026-47309 documents an uncontrolled recursion vulnerability in Samsung's Escargot JavaScript engine, specifically affecting commit 590345cc6258317c5da850d846ce6baaf2afc2d3. The flaw enables oversized serialized data payloads to trigger excessive recursion, resulting in denial of service through stack exhaustion. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) indicates a local attack vector [truncated]
A NULL pointer dereference vulnerability exists in Samsung Open Source Walrus, a WebAssembly runtime engine. The flaw, present in commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9, allows for pointer manipulation that could lead to denial of service conditions. The vulnerability requires local access with user interaction, as indicated by the CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Samsung's PSIR [truncated]
A NULL pointer dereference vulnerability exists in Samsung Open Source Walrus, a WebAssembly runtime. The flaw can be triggered by a crafted WebAssembly module containing deeply nested instructions, resulting in denial of service. The vulnerability affects Walrus commit f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9. A fix has been proposed via pull request.