4515 matches found
FLOCK_CVE_SCANNER
FLOCKCVESCANNER Scan and exploit with permission Ov...
CVE-2024-58365
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...
CVE-2024-58361
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...
CVE-2024-58370 SurrealDB before 1.1.0 Uncontrolled Recursion Denial of Service
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...
EUVD-2024-55686
SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server...
CVE-2024-58369
SurrealDB is affected by CVE-2024-58369 in versions before 1.1.1. The issue stems from improper validation of invocation of custom parameters and functions at root or namespace levels, allowing authorized clients to trigger invocations at unsupported levels and crash the server, resulting in a de...
CVE-2024-58365
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...
EUVD-2024-55677
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...
CVE-2026-45309 AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py,...
CVE-2026-45309
CVE-2026-45309 affects AsyncSSH prior to 2.23.0. Root cause: the OpenSSH-style token %u in AuthorizedKeysFile was expanded from the remote username without rejecting path separators or .. segments, letting a username such as with traversal characters read an attacker-controlled authorized-keys fi...
CVE-2026-50526
A flaw was found in .NET. This vulnerability, stemming from improper link resolution before file access, allows an authorized local attacker to perform tampering. This could lead to unauthorized modification of data or system files...
CVE-2026-62826
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-58598
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Backup Engine allows an authorized attacker to elevate privileges locally...
CVE-2026-11889
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...
EUVD-2026-45039
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
PT-2026-60596
Name of the Vulnerable Software and Affected Versions Windows Backup Engine affected versions not specified Description A race condition occurs in the Windows Backup Engine due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges local...
CVE-2026-50526
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...
CVE-2026-58638
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...
CVE-2026-58633
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally...