Lucene search
+L

372383 matches found

CVE
CVE
added yesterday9 views

CVE-2024-58364

CVE-2024-58364 affects SurrealDB before 1.2.1. An uncaught exception in the span rendering path triggers a panic when parsing malformed queries with errors on line terminator characters, leading to server denial of service. Public details in the connected sources indicate the impact is an in-proc...

7.1CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2024-58362

SurrealDB vulnerability CVE-2024-58362 affects prior releases (before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3) where an arbitrary object can be accepted in signin/signup via the RPC API without recursive validation for non-computed values. An unauthenticated attacker could encode a binary object...

8.8CVSS5.5AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2024-58363

SurrealDB prior to 1.5.4 contains an authentication validation flaw when a scope user switches databases with USE or the use method. If an authenticated session encounters a user identifier that exists in a different database, an attacker can impersonate an unrelated user in that database, enabli...

6.3CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2024-58361

SurrealDB is affected in versions before 2.0.4 by an uncaught exception in the parser error rendering path when processing empty strings. Authorized clients can issue malformed queries that convert empty strings to record, duration, or datetime types, triggering a panic in error rendering and cra...

7.1CVSS5.5AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2024-58359

SurrealDB prior to 2.1.0 contains a denial-of-service vulnerability in the sorting path when using ORDER BY rand(). Authorized clients can trigger a panic in the sorting function, crashing the server. The CVE covers SurrealDB versions before 2.1.0; exploitation details, affected versions beyond w...

7.1CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2024-58358

SurrealDB versions before 2.1.0 are affected by a denial-of-service flaw in the role conversion logic. The issue lets privileged owner users define users with nonexistent roles; signing in with a user assigned an invalid role can trigger an uncaught panic, crashing the server. The vulnerability i...

6.9CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2024-58357

CVE-2024-58357 affects SurrealDB versions before 2.1.0. The vulnerability is an uncaught exception in the Rust rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to trigger server panics, causing denia...

7.1CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2024-58356

SurrealDB prior to version 2.1.4 is affected by a permission-bypass issue. When using DEFINE TABLE ... OVERWRITE on tables defined with TYPE RELATION, the PERMISSIONS clause is not applied, so tightened permissions may not take effect and an authorized client could continue to access data. Affect...

2.3CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2023-54366

CVE-2023-54366 affects SurrealDB prior to 1.0.1, where default table permissions are set to FULL instead of NONE. This misconfiguration allows attackers with database access or unauthenticated users on publicly exposed instances to perform uncontrolled SELECT, CREATE, UPDATE, and DELETE operation...

8.8CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-16117

The CVE concerns @fastify/http-proxy (affected: up to 11.5.0) where URL prefix rewriting fails when the prefix segment is URL-encoded. Fastify decodes paths for route matching, but request.url keeps the original encoded form. The prefixRewrite step compares against the decoded prefix using a lite...

10CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-16119

CVE-2026-16119 affects nextlevelbuilder GoClaw up to 3.13.2, specifically the WebSocket Approval Endpoint’s internal/tools/exec_approval.go, function RequestApproval. A manipulation can cause incorrect authorization, and the attack can be carried out remotely. The exploit has been made public, wi...

6.5CVSS6.1AI score
Exploits0References7
CVE
CVE
added yesterday13 views

CVE-2026-59173

CVE-2026-59173 affects Apache Traffic Server versions 9.0.0–9.1.13 and 10.0.0–10.1.2. It describes an Uncontrolled Resource Consumption (DoS) scenario associated with HTTP/2 flow-control behavior. Upstream remediation is to upgrade to 9.1.14 or 10.1.3, which fixes the issue. The CVE entry consist...

5.3AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-15631

The CVE affects the Node.js package @fastify/http-proxy, versions 9.4.0 through 11.5.0. A WebSocket routing flaw in WebSocketProxy.findUpstream lets the WHATWG URL constructor collapse dot segments, causing crafted upgrade requests with path traversal to bypass the configured rewrite prefix and r...

8.7CVSS5.5AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-9147

CVE-2026-9147 affects uproot 5.7.4 and prior. The issue arises when uproot dynamically generates Python class source code from ROOT TStreamerInfo records and compiles it at runtime. Some file-controlled streamer metadata fields (e.g., streamer element names) are interpolated into the generated Py...

8.5CVSS6.2AI score
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-16158

Affected component: @fastify/reply-from. Versions 8.3.1 up to, but not including, 12.6.4 construct an internal URL cache key by concatenating destination and source paths without a delimiter, enabling cross-upstream data access when getUpstream selects an upstream from request data. This can caus...

8.7CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-16097

CVE-2026-16097 affects Shibby Tomato 1.28, specifically the Scheduler Name Handler’s sub_42537C function. Manipulating the argument a1 yields a stack-based buffer overflow, with remote execution possible. The issue is noted as superseded by FreshTomato. CVSS metrics in the accompanying data indic...

9CVSS8.6AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-16096

CVE-2026-16096 affects Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. a stack-based overflow in the function sub_40BB50 of /proc/webmon_recent_domains can be triggered remotely. CVSS metrics indicate high impact to confidentiality, integrity, and availability (network vector, low access/privilege re...

9CVSS8.4AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-16095

The CVE-2026-16095 issue affects Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affects the function setup_conntrack in /sbin/rc. Manipulating the argument ct_tcp_timeout can cause an out-of-bounds write, with a remote attacker able to trigger it. The project is superseded by FreshTomato. No remedia...

9CVSS7.5AI score
Exploits0References5
CVE
CVE
added yesterday9 views

CVE-2026-16088

Summary : CVE-2026-16088 affects halo-dev halo up to version 2.24.2. The vulnerability targets the Download function in MigrationEndpoint.java within the Files Backup Endpoint, where input manipulation enables path traversal. This allows remote exploitation, and public exploits have surfaced. Det...

5.8CVSS5AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-16085

The vulnerability CVE-2026-16085 affects Sipeed PicoClaw up to version 0.2.9. It resides in the function NewContextBuilder in pkg/agent/context.go, where manipulation can cause inclusion of functionality from an untrusted control sphere. The attack is local, and the exploit has been publicly disc...

5.3CVSS5.2AI score0.00142EPSS
Exploits0References6
Rows per page
Query Builder