Pterodactyl has a database resource limit bypass via race condition in Client API

Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Details Inside DatabaseController.php, the...

PT-2026-6505

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings...

CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop due to improper handling of the SQLite maximum parameter limit in the activitycron component. An attacker can cause the system to repeatedly re-upload and reprocess the same activity log data by triggering a condition wher...

GaussDB Kernel: Limiting Connections to the Database

To control the number of sessions that access the database, the number of sessions connected to the database must be limited, preferably within 1024. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...