3601 matches found
CVE-2024-58365
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...
CVE-2024-58361
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...
CVE-2024-58369
SurrealDB is affected by CVE-2024-58369 in versions before 1.1.1. The issue stems from improper validation of invocation of custom parameters and functions at root or namespace levels, allowing authorized clients to trigger invocations at unsupported levels and crash the server, resulting in a de...
CVE-2024-58365
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server...
EUVD-2024-55677
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error...
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
EUVD-2026-45160
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-29114
creationtimestamp| type| source ---|---|--- 2026-07-16 19:00:12+00:00| seen| Telegram/vFDO5SwsZ7hIMyqUKVS5e9UBDOzM5D4lILt5pmQlyCTvgM 2026-07-16 19:00:12+00:00| seen| Telegram/vkQwkXUL30u3pRsZtV-s7rMERa3mU1vbncFib7BaHrS3aA 2026-07-17 00:00:27+00:00| seen|...
CVE-2026-59860 Kiota: XML Doc-Comment Newline Breakout Code Injection
Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C XML documentation-comment sink the description, externalDocs label, and externalDocs link fields emitted as /// … comments. When text from an OpenAPI...
CVE-2026-59860
Kiota is an OpenAPI-based HTTP client code generator. Prior to 1.32.3, it is affected by a code-generation injection in the C# XML documentation-comment sink when OpenAPI descriptions are written into single-line /// comments without stripping newline/Unicode terminators, allowing injection into ...
[SECURITY] Fedora 43 Update: xrdp-0.10.6.1-1.fc43
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client...
EUVD-2026-44803
CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...
CVE-2026-55398
CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a non-persistent DoS on the server. CVSS v4 base score 6.9 (Medium) with network attack, low complexit...
CVE-2026-55398 Memory management vulnerability in Secure Access clients
CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server...
CVE-2026-40958
CVE-2026-40958 involves an input validation error in Secure Access clients prior to 14.55. The root cause is improper input validation in the tunnel protocol handling, allowing attackers with intimate knowledge and total control of the tunnel protocol to trigger a non-persistent DoS against the c...
CVE-2026-40954 Integer underflow in Secure Access clients prior to 14.55
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40954
The CVE-2026-40954 entry describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability can be exploited by attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent DoS against their client...
EUVD-2026-44784
CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...
CVE-2026-40953
CVE-2026-40953: heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Local access with administrator permissions can cause a denial of service on the client. Affected software is Secure Access clients (versions before 14.55); root cause is a heap overflow in ...
CVE-2026-40953
CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...