Lucene search
+L

5004743 matches found

NVD
NVD
added 23 minutes ago1 views

CVE-2026-9323

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS
Exploits0References6
Chainguard
Chainguard
added 23 minutes ago2 views

CVE-2026-27124 vulnerabilities

Vulnerabilities for packages: mcp-atlassian...

8.2CVSS5.1AI score0.00207EPSS
Exploits1
Chainguard
Chainguard
added 23 minutes ago1 views

CVE-2026-32871 vulnerabilities

Vulnerabilities for packages: mcp-atlassian...

10CVSS5.1AI score0.01011EPSS
Exploits1
Chainguard
Chainguard
added 23 minutes ago1 views

CVE-2025-64340 vulnerabilities

Vulnerabilities for packages: mcp-atlassian...

7.8CVSS5.1AI score0.00749EPSS
Exploits1
NVD
NVD
added 23 minutes ago0 views

CVE-2025-71396

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on embedded JavaScript scripting functions when the scripting capability is explicitly enabled via --allow-scripting or --allow-all. An authenticated attacker can submit long-running...

2.3CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago0 views

CVE-2025-71397

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions at the root, namespace, or database level to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is...

7.1CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago0 views

CVE-2025-71398

SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to acce...

5.8CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago1 views

CVE-2026-11826

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS
Exploits0References4
NVD
NVD
added 23 minutes ago1 views

CVE-2026-16119

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS
Exploits0References7
NVD
NVD
added 23 minutes ago1 views

CVE-2026-16120

A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/execapproval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has...

6.5CVSS
Exploits0References7
NVD
NVD
added 23 minutes ago2 views

CVE-2026-16117

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string...

10CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago1 views

CVE-2024-58369

SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service...

7.1CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago1 views

CVE-2024-58370

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago0 views

CVE-2025-71390

SurrealDB before 2.2.6, 2.3.6, and 2.1.8 and 3.0.0-alpha.7 and earlier fails to validate DNS-resolved hostnames against --deny-net network access restrictions in its http:: functions. An authenticated user can invoke http:: with a hostname that resolves to a denied IP address, causing the server ...

5.8CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago1 views

CVE-2025-71391

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago0 views

CVE-2025-71392

SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...

9.4CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago1 views

CVE-2025-71393

SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion...

6CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago0 views

CVE-2025-71394

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago1 views

CVE-2025-71395

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS
Exploits0References2
NVD
NVD
added 23 minutes ago0 views

CVE-2024-58362

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS
Exploits0References2
Rows per page
Query Builder