15 matches found
CVE-2026-35202
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...
Pterodactyl Panel Security Vulnerability
Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.3 contained security vulnerabilities. These vulnerabilities stemmed from a complete failure of the database locking mechanism, which could allow users to bypass...
PT-2026-43440
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.12.3. Description: The Client API contains a logic flaw allowing users to bypass assigned limits for database allocations. This occurs because the database locking mechanism within the controllers is ineffective...
AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance
Summary: The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use (TOCTOU) race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...
EUVD-2026-10920
Sylius has a Promotion Usage Limit Bypass via Race Condition...
PT-2026-24478
Name of the Vulnerable Software and Affected Versions: Sylius versions 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 and above. Description: Sylius, an Open Source eCommerce Framework on Symfony, contains a Time-of-Check To Time-of-Use (TOCTOU) race condition in the...
EUVD-2015-8370
Malware in sbrugna...
February 1, 2022, update for Office 2016 (KB5002138)
February 1, 2022, update for Office 2016 (KB5002138). This article describes update 5002138 for Microsoft Office 2016 that was released on February 1, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply...
Vulnerability of the Server component: Locking of the MySQL Server database management system, allowing attackers to cause service interruptions.
Vulnerability of the MySQL Server component: Locking the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...
openGauss: Enabling the Auditing of Database Locking and Unlocking
The parameter audit_user_locked specifies whether to audit the locking and unlocking of database users. After this parameter is set to on, the locking status of database accounts is traced. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources,...
Vulnerability of the Server component: Locking of the MySQL Server database management system, allowing attackers to cause service interruptions.
Vulnerability of the MySQL Server component: Locking the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
Design/Logic Flaw
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153...
CVE-2006-3675
CVE-2006-3675 affects Password Safe versions 2.11, 2.16 and 3.0BETA1. The vulnerability arises because the software does not enforce the configured lock-on-workstation-lock or idle-time events when specific dialog windows are open, potentially allowing a local attacker with access to the workstat...
SYMSA-2006-008: Password Safe - Lock Password Database Configuration Not Enforced
Symantec Vulnerability Research http://www.symantec.com/research Security Advisory. Advisory ID: SYMSA-2006-008. Advisory Title: Password Safe - Lock Password Database Configuration Not Enforced. Author: J.R. Wikes. Release Date: 07-24-2006. Application:...
Lotus Domino /./ Request Database Locking DoS
It might be possible to lock out some Lotus Domino databases by requesting them through the web interface with a special request containing a '/./' string in the URL path. This attack is only efficient on databases that are not used by the server. Note that no real attack was performed, so this m...