ByteOS Network

FascinatedBox

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-2662

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-Not Assigned

Published-18 Feb, 2026 | 19:32

Updated-18 Feb, 2026 | 20:18

FascinatedBox lily lily_emitter.c count_transforms out-of-bounds

A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Vendor-FascinatedBox

Product-lily

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-125

Out-of-bounds Read

CVE-2026-2660

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-Not Assigned

Published-18 Feb, 2026 | 18:02

Updated-18 Feb, 2026 | 19:21

FascinatedBox lily lily_symtab.c shorthash_for_name use after free

A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Vendor-FascinatedBox

Product-lily

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-416

Use After Free