2 matches found
EUVD-2025-210491
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...
AZL-68073 CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11
A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...