Lucene search
+L

4935828 matches found

Cvelist
Cvelist
added 22 minutes ago3 views

CVE-2026-16120 nextlevelbuilder GoClaw exec_approval.go extractBin name resolution

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References7
CVE
CVE
added 22 minutes ago1 views

CVE-2026-16120 nextlevelbuilder GoClaw exec_approval.go extractBin name resolution

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS5AI score
Exploits0References7
NVD
NVD
added 36 minutes ago1 views

CVE-2026-9147

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...

8.5CVSS
Exploits0References4
NVD
NVD
added 36 minutes ago1 views

CVE-2026-59173

Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2. Users are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue...

Exploits0References1
NVD
NVD
added 36 minutes ago1 views

CVE-2026-16158

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...

8.7CVSS
Exploits0References2
NVD
NVD
added 36 minutes ago1 views

CVE-2026-15631

Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago2 views

CVE-2025-71398 SurrealDB before 2.2.2 SSRF via HTTP Redirect Bypass

SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to acce...

5.8CVSS
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago2 views

CVE-2025-71397 SurrealDB before 2.2.2 CPU Exhaustion via nested FOR loops

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions at the root, namespace, or database level to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is...

7.1CVSS
Exploits0References2
CVE
CVE
added 42 minutes ago2 views

CVE-2025-71398 SurrealDB before 2.2.2 SSRF via HTTP Redirect Bypass

SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to acce...

5.8CVSS5.4AI score
Exploits0References2
CVE
CVE
added 42 minutes ago1 views

CVE-2025-71397 SurrealDB before 2.2.2 CPU Exhaustion via nested FOR loops

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions at the root, namespace, or database level to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is...

7.1CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago1 views

CVE-2025-71396 SurrealDB before 2.2.2 Denial of Service via JavaScript Scripting

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on embedded JavaScript scripting functions when the scripting capability is explicitly enabled via --allow-scripting or --allow-all. An authenticated attacker can submit long-running...

2.3CVSS
Exploits0References2
CVE
CVE
added 42 minutes ago3 views

CVE-2025-71396 SurrealDB before 2.2.2 Denial of Service via JavaScript Scripting

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on embedded JavaScript scripting functions when the scripting capability is explicitly enabled via --allow-scripting or --allow-all. An authenticated attacker can submit long-running...

2.3CVSS5.2AI score
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago2 views

CVE-2025-71394 SurrealDB before 2.2.2 Local File Read via DEFINE ANALYZER

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS
Exploits0References2
CVE
CVE
added 42 minutes ago2 views

CVE-2025-71395 SurrealDB before 2.2.2 Memory Exhaustion via string::replace

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago3 views

CVE-2025-71395 SurrealDB before 2.2.2 Memory Exhaustion via string::replace

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS
Exploits0References2
CVE
CVE
added 42 minutes ago4 views

CVE-2025-71394 SurrealDB before 2.2.2 Local File Read via DEFINE ANALYZER

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago2 views

CVE-2025-71393 SurrealDB before 2.2.2 Memory Exhaustion via Nested Functions

SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion...

6CVSS
Exploits0References2
CVE
CVE
added 42 minutes ago2 views

CVE-2025-71393 SurrealDB before 2.2.2 Memory Exhaustion via Nested Functions

SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion...

6CVSS5.2AI score
Exploits0References2
Cvelist
Cvelist
added 42 minutes ago2 views

CVE-2025-71392 SurrealDB before 2.2.2 SurrealQL Injection via export

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...

9.4CVSS
Exploits0References2
CVE
CVE
added 42 minutes ago1 views

CVE-2025-71392 SurrealDB before 2.2.2 SurrealQL Injection via export

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...

9.4CVSS5.4AI score
Exploits0References2
Rows per page
Query Builder