77828 matches found
CVE-2025-71391
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...
CVE-2025-71391 SurrealDB before 2.2.2 Denial of Service via /sql endpoint
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...
EUVD-2025-210491
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...
CVE-2025-71391
Technical details for CVE-2025-71391 are not publicly available in the provided documents. Monitor for updates, as affected versions, root cause, and fixes are not disclosed here.
CVE-2025-71391
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...
CVE-2026-49852
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign...
EUVD-2026-45281
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign...
CVE-2026-8075
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
CVE-2026-8075 Posting a malicious markdown image crashes the Mattermost Desktop App
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
CVE-2026-8075
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
EUVD-2026-45157
Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...
CVE-2026-15352
CVE-2026-15352 affects NASA’s Core Flight System (cFS) Health & Safety (HS) application. The vulnerability allows a segmentation fault when handling a routine Housekeeping Telemetry request, resulting in a denial-of-service condition. Documents confirm the HS component and cFS are impacted; the i...
CVE-2026-15352 NASA Core Flight System (cFS) Health & Safety (HS) Application NULL Pointer Dereference
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-15352 NASA Core Flight System (cFS) Health & Safety (HS) Application NULL Pointer Dereference
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-53536
Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined with a missing null-check on the decoded fileId, this allow...
CVE-2026-53536
Activepieces (open source AI workflow automation) exposed a cross-tenant file exposure vulnerability prior to version 0.83.0. The /v1/step-files/signed download endpoint validated the JWT against the shared signing secret but did not check the token’s audience and, due to a missing null-check on ...
CVE-2026-53536 Activepieces: Cross-tenant file download via missing JWT audience check on step-files signed URL
Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined with a missing null-check on the decoded fileId, this allow...
Control Web Panel (CWP) - File Inclusion
In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...