Lucene search
+L

77828 matches found

NVD
NVD
added yesterday6 views

CVE-2025-71391

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday14 views

CVE-2025-71391 SurrealDB before 2.2.2 Denial of Service via /sql endpoint

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2025-210491

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2025-71391

Technical details for CVE-2025-71391 are not publicly available in the provided documents. Monitor for updates, as affected versions, root cause, and fixes are not disclosed here.

7.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2025-71391

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS5.3AI score
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-49852

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign...

8.7CVSS0.00194EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45281

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. Prior to 1.6.8, joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None, because HMACAlgorithm.sign...

8.7CVSS5.3AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2 days ago9 views

CVE-2026-8075

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-8075 Posting a malicious markdown image crashes the Mattermost Desktop App

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-8075

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS5.3AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45157

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS5.3AI score0.00235EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 3 days ago10 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago11 views

kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

6AI score0.00126EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-15352

CVE-2026-15352 affects NASA’s Core Flight System (cFS) Health & Safety (HS) application. The vulnerability allows a segmentation fault when handling a routine Housekeeping Telemetry request, resulting in a denial-of-service condition. Documents confirm the HS component and cFS are impacted; the i...

8.2CVSS6.1AI score0.00358EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-15352 NASA Core Flight System (cFS) Health & Safety (HS) Application NULL Pointer Dereference

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS5.3AI score0.00358EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-15352 NASA Core Flight System (cFS) Health & Safety (HS) Application NULL Pointer Dereference

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS0.00358EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-53536

Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined with a missing null-check on the decoded fileId, this allow...

5.3CVSS0.00184EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-53536

Activepieces (open source AI workflow automation) exposed a cross-tenant file exposure vulnerability prior to version 0.83.0. The /v1/step-files/signed download endpoint validated the JWT against the shared signing secret but did not check the token’s audience and, due to a missing null-check on ...

5.3CVSS6.1AI score0.00184EPSS
Exploits0References4
OSV
OSV
added 3 days ago5 views

CVE-2026-53536 Activepieces: Cross-tenant file download via missing JWT audience check on step-files signed URL

Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined with a missing null-check on the decoded fileId, this allow...

5.3CVSS6.1AI score0.00184EPSS
Exploits0References6
Nuclei
Nuclei
added 3 days ago31 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.3AI score0.70947EPSS
Exploits1References2
Rows per page
Query Builder