13 matches found

Positive Technologies
added 2025/04/11 12:00 a.m. · 2 views

PT-2025-16150 · Crates.Io · Surrealdb

SurrealDB allows authenticated users with OWNER or EDITOR permissions at the root, database or namespace levels to define their own database functions using the DEFINE FUNCTION statement. A custom database function comprises a name together with a function body. In the function body, the user...

CVSS 7.1 · AI score 7.5 · Exploits: 0 · References: 4

GitHub Security Blog
added 2025/02/21 10:43 p.m. · 16 views

Vyper has a double eval in For List Iter

Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable updated in the loop body and thus lead to unexpected progra...

CVSS 7.5 · AI score 7 · EPSS 0.00324 · Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2025/02/21 10:15 p.m. · 1 views

PYSEC-2025-30

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...

CVSS 7.5 · AI score 7 · EPSS 0.00324 · Exploits: 1 · References: 2

PyPA
added 2025/02/21 10:15 p.m. · 7 views

PYSEC-2025-30

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...

CVSS 7.5 · AI score 6.8 · EPSS 0.00324 · Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2025/02/21 9:32 p.m. · 64 views

CVE-2025-27104

Vulnerability CVE-2025-27104 affects vyper (Pythonic Smart Contract Language for the EVM): a for-loop iterator target can cause multiple evaluations of the iterator expression, allowing side effects from the loop body to be consumed and interleaved with reads in the loop, leading to unexpected pr...

CVSS 7.5 · AI score 6.3 · EPSS 0.00324 · Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/02/21 9:32 p.m. · 16 views

CVE-2025-27104 double eval in For List Iter in Vyper

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...

CVSS 2.3 · AI score 7.4 · EPSS 0.00324 · Exploits: 1 · References: 2

Code423n4
added 2021/11/10 12:00 a.m. · 9 views

Unbounded for loops allows an attacker to freeze users' funds

Handle WatchPug Vulnerability details function claim external whenNotPaused nonReentrant requirebenRevocablemsg.sender1 == false, 'Account must not already be revoked.'; uint256 amount = claimableAmountmsg.sender.subbenClaimedmsg.sender; requireamount 0, "Claimable amount must be positive";...

AI score 6.9 · Exploits: 0

Veracode
added 2019/05/02 5:11 a.m. · 24 views

Arbitrary Code Execution

bash is vulnerable to arbitrary code execution. The vulnerability exists in the read_token_word function where deeply nested for loops can cause arbitrary code execution...

CVSS 10 · AI score 7.4 · EPSS 0.89861 · Exploits: 19 · References: 128 · Affected Software: 1

OSV
added 2018/05/31 4:29 p.m. · 1 views

CVE-2018-11598

Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c...

CVSS 7.1 · AI score 5.6 · Exploits: 0 · References: 5

Tenable Nessus
added 2014/09/29 12:00 a.m. · 67 views

SuSE 11.3 Security Update : bash (SAT Patch Number 9780)

The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...

CVSS 10 · AI score 7.7 · EPSS 0.9422 · Exploits: 141 · References: 11

Tenable Nessus
added 2014/09/29 12:00 a.m. · 36 views

openSUSE Security Update : bash (openSUSE-SU-2014:1229-1) (Shellshock)

The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 a...

CVSS 10 · AI score 7.6 · EPSS 0.9422 · Exploits: 141 · References: 8

Prion
added 2014/09/28 7:55 p.m. · 17 views

Out-of-bounds

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue...

CVSS 10 · AI score 7.6 · EPSS 0.89861 · Exploits: 18 · References: 123 · Affected Software: 1

Cvelist
added 2014/09/28 7:00 p.m. · 17 views

CVE-2014-7187

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue...

AI score 7.4 · EPSS 0.89861 · Exploits: 12 · References: 123