Lucene search
+L

10245 matches found

NVD
NVD
added yesterday6 views

CVE-2024-58364

SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing...

7.1CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2024-58357

SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time function that panics when unwrap is called on a None result from timestampopt. Authorized clients can repeatedly invoke rand::time to reliably trigger server panics and cause denial of service...

7.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58359

SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand clause. Authorized clients can execute queries with ORDER BY rand to trigger a panic in the sorting function, crashing the server...

7.1CVSS5.4AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2024-58359

SurrealDB prior to 2.1.0 contains a denial-of-service vulnerability in the sorting path when using ORDER BY rand(). Authorized clients can trigger a panic in the sorting function, crashing the server. The CVE covers SurrealDB versions before 2.1.0; exploitation details, affected versions beyond w...

7.1CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2024-58357

CVE-2024-58357 affects SurrealDB versions before 2.1.0. The vulnerability is an uncaught exception in the Rust rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to trigger server panics, causing denia...

7.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58357

SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time function that panics when unwrap is called on a None result from timestampopt. Authorized clients can repeatedly invoke rand::time to reliably trigger server panics and cause denial of service...

7.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2024-55674

SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time function that panics when unwrap is called on a None result from timestampopt. Authorized clients can repeatedly invoke rand::time to reliably trigger server panics and cause denial of service...

7.1CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added 2 days ago40 views

CVE-2026-63308 Helm Files.Lines Denial of Service via Empty Chart Files

Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte slices in chart files. Attackers can include empty files in...

5.3CVSS0.00234EPSS
Exploits0References4
NVD
NVD
added 3 days ago8 views

CVE-2026-62994

CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8sexternal headless-service zone transfers and Kubernetes contains a headless service endpoint with no declared port...

3.7CVSS0.00275EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-62299 CoreDNS: rewrite-plugin EDNS0 response-revert nil-pointer panic (remote DoS) when a downstream plugin returns a response with no OPT record

CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRuleT in plugin/rewrite/edns0.go, call res.IsEdns0 and immediately dereference the...

5.3CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 3 days ago6 views

CVE-2026-62299

CoreDNS (rewrite plugin, edns0.go) prior to version 1.14.5 could panic when a downstream plugin returns a response with no OPT record. The code path in edns0.go dereferenced a DNS OPT without a nil check, triggered by a query matching a rewrite edns0 rule (local/nsid/subnet with set/append/replac...

5.3CVSS6.1AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-62994 CoreDNS `k8s_external` headless AXFR can emit an empty transfer batch that panics the `transfer` plugin

CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8sexternal headless-service zone transfers and Kubernetes contains a headless service endpoint with no declared port...

3.7CVSS0.00275EPSS
Exploits0References4
CVE
CVE
added 3 days ago8 views

CVE-2026-62994

CoreDNS vulnerability CVE-2026-62994 affects the Go-based DNS server in versions 1.9.4 through 1.14.5. When a network DNS client uses AXFR for a CoreDNS zone and CoreDNS is configured with the k8s_external headless-service zone transfers feature, and Kubernetes contains a headless service endpoin...

3.7CVSS6.1AI score0.00275EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 3 days ago10 views

Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant has SecurityPolicy + TCPRoute RBAC baseline - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted the trigger - No admission...

6.1AI score0.00121EPSS
Exploits0References2Affected Software1
OSV
OSV
added 3 days ago4 views

CVE-2026-46377 Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in Tokenizer.parseCurRune in selector/lexer/tokenize.go increments past a trailing backslash in a quoted string such as "\ or '\ and then reads...

6.2CVSS6.1AI score0.00129EPSS
Exploits0References5
NVD
NVD
added 3 days ago9 views

CVE-2026-6424

Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system...

6.7CVSS0.00112EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-44903

Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system...

6.7CVSS6.1AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 3 days ago16 views

CVE-2026-6424

Technical details on CVE-2026-6424 are not publicly available in the provided documents. No information on affected products, versions, root cause, or mitigations. Monitor for updates.

6.7CVSS6.1AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-6424 Use-after-free vulnerability in ESET security products for Linux

Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system...

6.7CVSS0.00112EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60449

Name of the Vulnerable Software and Affected Versions ESET Linux products affected versions not specified Description A use-after-free issue exists in ESET Linux products. This occurs when a program continues to use a pointer after it has been freed, which could allow an attacker to trigger a...

6.7CVSS5.2AI score0.00112EPSS
Exploits0References4
Rows per page
Query Builder