Lucene search
+L

4515 matches found

GithubExploit
GithubExploit
added yesterday35 views

FLOCK_CVE_SCANNER

FLOCKCVESCANNER Scan and exploit with permission Ov...

9.8CVSS5.4AI score0.01004EPSS
Exploits3
NVD
NVD
added yesterday7 views

CVE-2024-58365

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2024-58361

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday14 views

CVE-2024-58370 SurrealDB before 1.1.0 Uncontrolled Recursion Denial of Service

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2024-55686

SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...

7.1CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2024-58369

SurrealDB is affected by CVE-2024-58369 in versions before 1.1.1. The issue stems from improper validation of invocation of custom parameters and functions at root or namespace levels, allowing authorized clients to trigger invocations at unsupported levels and crash the server, resulting in a de...

7.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58365

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...

7.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2024-55677

SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...

7.1CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-45309 AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py,...

8.2CVSS0.00453EPSS
Exploits0References3
CVE
CVE
added 2 days ago41 views

CVE-2026-45309

CVE-2026-45309 affects AsyncSSH prior to 2.23.0. Root cause: the OpenSSH-style token %u in AuthorizedKeysFile was expanded from the remote username without rejecting path separators or .. segments, letting a username such as with traversal characters read an attacker-controlled authorized-keys fi...

8.2CVSS4.7AI score0.00453EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2 days ago11 views

CVE-2026-50526

A flaw was found in .NET. This vulnerability, stemming from improper link resolution before file access, allows an authorized local attacker to perform tampering. This could lead to unauthorized modification of data or system files...

7CVSS5.2AI score0.00159EPSS
Exploits0References4
NVD
NVD
added 3 days ago8 views

CVE-2026-62826

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-58598

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Backup Engine allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score0.00193EPSS
Exploits0References2Affected Software5
NVD
NVD
added 3 days ago7 views

CVE-2026-11889

SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...

7.1CVSS0.00192EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-45039

SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...

7.1CVSS6.1AI score0.00192EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 3 days ago65 views

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS6.1AI score0.00227EPSS
Exploits0
Positive Technologies
Positive Technologies
added 3 days ago12 views

PT-2026-60596

Name of the Vulnerable Software and Affected Versions Windows Backup Engine affected versions not specified Description A race condition occurs in the Windows Backup Engine due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges local...

7CVSS5.2AI score0.00193EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 5 days ago8 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS6AI score0.00159EPSS
Exploits0References5
NVD
NVD
added 5 days ago13 views

CVE-2026-58638

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

6CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-58633

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00313EPSS
Exploits0References1
Rows per page
Query Builder