Lucene search
+L

372419 matches found

CVE
CVE
added yesterday9 views

CVE-2024-58358

SurrealDB versions before 2.1.0 are affected by a denial-of-service flaw in the role conversion logic. The issue lets privileged owner users define users with nonexistent roles; signing in with a user assigned an invalid role can trigger an uncaught panic, crashing the server. The vulnerability i...

6.9CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2024-58357

CVE-2024-58357 affects SurrealDB versions before 2.1.0. The vulnerability is an uncaught exception in the Rust rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to trigger server panics, causing denia...

7.1CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2024-58356

SurrealDB prior to version 2.1.4 is affected by a permission-bypass issue. When using DEFINE TABLE ... OVERWRITE on tables defined with TYPE RELATION, the PERMISSIONS clause is not applied, so tightened permissions may not take effect and an authorized client could continue to access data. Affect...

2.3CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2023-54366

CVE-2023-54366 affects SurrealDB prior to 1.0.1, where default table permissions are set to FULL instead of NONE. This misconfiguration allows attackers with database access or unauthenticated users on publicly exposed instances to perform uncontrolled SELECT, CREATE, UPDATE, and DELETE operation...

8.8CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-16117

The CVE concerns @fastify/http-proxy (affected: up to 11.5.0) where URL prefix rewriting fails when the prefix segment is URL-encoded. Fastify decodes paths for route matching, but request.url keeps the original encoded form. The prefixRewrite step compares against the decoded prefix using a lite...

10CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-16119

CVE-2026-16119 affects nextlevelbuilder GoClaw up to 3.13.2, specifically the WebSocket Approval Endpoint’s internal/tools/exec_approval.go, function RequestApproval. A manipulation can cause incorrect authorization, and the attack can be carried out remotely. The exploit has been made public, wi...

6.5CVSS6.1AI score
Exploits0References7
CVE
CVE
added yesterday13 views

CVE-2026-59173

CVE-2026-59173 affects Apache Traffic Server versions 9.0.0–9.1.13 and 10.0.0–10.1.2. It describes an Uncontrolled Resource Consumption (DoS) scenario associated with HTTP/2 flow-control behavior. Upstream remediation is to upgrade to 9.1.14 or 10.1.3, which fixes the issue. The CVE entry consist...

5.3AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-15631

The CVE affects the Node.js package @fastify/http-proxy, versions 9.4.0 through 11.5.0. A WebSocket routing flaw in WebSocketProxy.findUpstream lets the WHATWG URL constructor collapse dot segments, causing crafted upgrade requests with path traversal to bypass the configured rewrite prefix and r...

8.7CVSS5.5AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-9147

CVE-2026-9147 affects uproot 5.7.4 and prior. The issue arises when uproot dynamically generates Python class source code from ROOT TStreamerInfo records and compiles it at runtime. Some file-controlled streamer metadata fields (e.g., streamer element names) are interpolated into the generated Py...

8.5CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday13 views

CVE-2026-16158

Affected component: @fastify/reply-from. Versions 8.3.1 up to, but not including, 12.6.4 construct an internal URL cache key by concatenating destination and source paths without a delimiter, enabling cross-upstream data access when getUpstream selects an upstream from request data. This can caus...

8.7CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-16097

CVE-2026-16097 affects Shibby Tomato 1.28, specifically the Scheduler Name Handler’s sub_42537C function. Manipulating the argument a1 yields a stack-based buffer overflow, with remote execution possible. The issue is noted as superseded by FreshTomato. CVSS metrics in the accompanying data indic...

9CVSS8.6AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-16096

CVE-2026-16096 affects Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. a stack-based overflow in the function sub_40BB50 of /proc/webmon_recent_domains can be triggered remotely. CVSS metrics indicate high impact to confidentiality, integrity, and availability (network vector, low access/privilege re...

9CVSS8.4AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-16095

The CVE-2026-16095 issue affects Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affects the function setup_conntrack in /sbin/rc. Manipulating the argument ct_tcp_timeout can cause an out-of-bounds write, with a remote attacker able to trigger it. The project is superseded by FreshTomato. No remedia...

9CVSS7.5AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-16088

Summary : CVE-2026-16088 affects halo-dev halo up to version 2.24.2. The vulnerability targets the Download function in MigrationEndpoint.java within the Files Backup Endpoint, where input manipulation enables path traversal. This allows remote exploitation, and public exploits have surfaced. Det...

5.8CVSS5AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-16085

The vulnerability CVE-2026-16085 affects Sipeed PicoClaw up to version 0.2.9. It resides in the function NewContextBuilder in pkg/agent/context.go, where manipulation can cause inclusion of functionality from an untrusted control sphere. The attack is local, and the exploit has been publicly disc...

5.3CVSS5.2AI score0.00142EPSS
Exploits0References6
CVE
CVE
added yesterday11 views

CVE-2026-16084

Affected software/hardware: Sipeed PicoClaw (up to version 0.2.9). Vulnerable component: function web_fetch in pkg/tools/integration/web.go. Root cause: manipulation enabling server-side request forgery (SSRF). Impact: remote exploitation possible with low attack complexity and network access; ab...

7.5CVSS6.9AI score0.00401EPSS
Exploits0References8
CVE
CVE
added yesterday10 views

CVE-2026-47871

The CVE-2026-47871 issue affects VMware Avi Load Balancer and is a directory traversal vulnerability caused by flaws in file path validation. Affected versions and fixed milestones are: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30.2.6 (fixed in 30.2.7); and 22.1.1–22.1...

8.8CVSS5.2AI score0.00902EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-47870

CVE-2026-47870 affects VMware Avi Load Balancer. A malicious authenticated user with network access can potentially execute remote code due to a privilege-escalation flaw. Affected versions and fixes shown in public records: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30...

7.1CVSS5.5AI score0.0039EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-47869

CVE-2026-47869 describes a remote code execution flaw in VMware Avi Load Balancer. An authenticated user with network access can inject and execute code. Affected versions and fixed releases: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30.2.6 (fixed in 30.2.7); 22.1.1–22...

8.7CVSS6.3AI score0.00682EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-47868

CVE-2026-47868 concerns VMware Avi Load Balancer. A local privilege escalation allows a user with local access to run code as root. Affected versions are: 32.1.1 (fixed in 32.1.2); 31.1.1–31.2.2 (fixed in 31.2.2-2p3); 30.1.1–30.2.6 (fixed in 30.2.7); 22.1.1–22.1.7 (fixed in 30.2.7). CVSSv3.1 base...

7.8CVSS5.4AI score0.00147EPSS
Exploits0References1
Rows per page
Query Builder