CVE-2026-8503

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand function, the epoch time, and the PID, that is hashed...

GHSA-H4F5-H82V-5W4R SurrealDB has an Uncaught Exception in Function Generating Random Time

The rand::time function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of timestampopt from the chrono crate, this function could potentially return None in some instances, leading to a panic when unwrap was called on its result in...

SurrealDB has an Uncaught Exception in Function Generating Random Time

The rand::time function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of timestampopt from the chrono crate, this function could potentially return None in some instances, leading to a panic when unwrap was called on its result in...

PT-2024-40311 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises from the rand::time function in SurrealQL, which can potentially return None and cause a panic when unwrap is called, leading to a denial of service. An authorized client can mak...