{"resultsPerPage":33,"startIndex":0,"totalResults":33,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-18T18:53:30.130","vulnerabilities":[{"cve":{"id":"CVE-2026-15631","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-07-18T13:17:05.323","lastModified":"2026-07-18T13:17:05.323","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which collapses dot segments, so a crafted upgrade request with path traversal sequences can escape the rewrite prefix and reach upstream endpoints that were not meant to be exposed by the proxy. This is a variant of CVE-2021-21322 in a code path that never went through the HTTP fix in fastify/reply-from. Exploitation requires a non-normalizing WebSocket client, since browsers and the ws package normalize the request path before sending, but raw HTTP clients or downstream proxies that forward the request target unchanged make the attack reachable in production topologies. \n\nPatches: upgrade to @fastify/http-proxy 11.6.0. \n\nWorkarounds: none."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"@fastify/http-proxy","product":"@fastify/http-proxy","defaultStatus":"unaffected","packageURL":"pkg:npm/@fastify/http-proxy","versions":[{"version":"9.4.0","lessThan":"11.6.0","versionType":"semver","status":"affected"},{"version":"11.6.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.8}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb"},{"url":"https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-7hrw-592w-9wh2","source":"ce714d77-add3-4f53-aff5-83d477b104bb"}]}},{"cve":{"id":"CVE-2026-16158","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-07-18T13:17:06.030","lastModified":"2026-07-18T13:17:06.030","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URLs. When getUpstream selects an upstream from request data, a URL cached for one upstream can be reused for a request intended for another upstream, causing cross-upstream data access and modification. The default configuration is affected. Setting disableCache to true prevents the behavior. Patches: upgrade to @fastify/reply-from 12.6.4. Workarounds: pass disableCache: true when registering the plugin."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"@fastify/reply-from","product":"@fastify/reply-from","defaultStatus":"unaffected","packageURL":"pkg:npm/@fastify/reply-from","versions":[{"version":"8.3.1","lessThan":"12.6.4","versionType":"semver","status":"affected"},{"version":"12.6.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.8}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-441"}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb"},{"url":"https://github.com/fastify/fastify-reply-from/security/advisories/GHSA-v574-6498-x57v","source":"ce714d77-add3-4f53-aff5-83d477b104bb"}]}},{"cve":{"id":"CVE-2026-59173","sourceIdentifier":"security@apache.org","published":"2026-07-18T13:17:06.150","lastModified":"2026-07-18T14:17:12.077","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2.\n\nUsers are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Traffic Server","defaultStatus":"unaffected","versions":[{"version":"9.0.0","lessThanOrEqual":"9.2.13","versionType":"semver","status":"affected"},{"version":"10.0.0","lessThanOrEqual":"10.1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://lists.apache.org/thread/lhlbhphmv5dsfgx1fx84mgonzbocpzhd","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/17/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-9147","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T13:17:06.273","lastModified":"2026-07-18T13:17:06.273","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Python source without safe quoting via repr() or the !r format specifier. An attacker who can supply a crafted ROOT file can place Python expression-breaking content into a streamer metadata field. When uproot generates and invokes the corresponding reader method, the injected Python expression is evaluated in the context of the process opening the file, resulting in arbitrary Python code execution in applications that open or process attacker-controlled ROOT files with affected uproot code paths."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"scikit-hep","product":"uproot","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"5.7.4","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/scikit-hep/uproot5","source":"disclosure@vulncheck.com"},{"url":"https://github.com/scikit-hep/uproot5/commit/c045c2824295d907d2e705f31110c742928e50e7","source":"disclosure@vulncheck.com"},{"url":"https://github.com/scikit-hep/uproot5/security/advisories/GHSA-6946-mq52-g438","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/uproot-and-before-code-injection-via-tstreamerinfo-metadata","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2023-54366","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:07.603","lastModified":"2026-07-18T14:17:07.603","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT, CREATE, UPDATE, and DELETE operations on tables without explicit permissions. Attackers with database access or unauthenticated users on publicly exposed instances can perform unrestricted operations on unprotected tables within their authorization scope."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.0.1","versionType":"semver","status":"affected"},{"version":"1.0.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-x5fr-7hhj-34j3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-insecure-default-table-permissions","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58356","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:08.363","lastModified":"2026-07-18T14:17:08.363","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, and the administrator may incorrectly believe the change was applied. As a result, a client authorized to run queries may continue to access data in that table that the updated (but unapplied) permissions were intended to restrict."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.1.4","versionType":"semver","status":"affected"},{"version":"2.1.4","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"2.1.4","versionType":"semver","status":"affected"},{"version":"2.1.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-27vq-hv74-7cqp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-permission-bypass-via-define-table-overwrite","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58357","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:08.503","lastModified":"2026-07-18T14:17:08.503","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to reliably trigger server panics and cause denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-h4f5-h82v-5w4r","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-rand-time","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58358","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:08.643","lastModified":"2026-07-18T14:17:08.643","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-jc55-246c-r88f","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-nonexistent-role","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58359","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:08.780","lastModified":"2026-07-18T14:17:08.780","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand() clause. Authorized clients can execute queries with ORDER BY rand() to trigger a panic in the sorting function, crashing the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"2.1.0","versionType":"semver","status":"affected"},{"version":"2.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-m52v-24p8-654f","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-rand-sorting","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58361","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:08.917","lastModified":"2026-07-18T14:17:08.917","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"2.0.0","lessThan":"2.0.4","versionType":"semver","status":"affected"},{"version":"2.0.4","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"2.0.0","lessThan":"2.0.4","versionType":"semver","status":"affected"},{"version":"2.0.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-qjrv-v6qp-x99x","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-parser-exception","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58362","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.047","lastModified":"2026-07-18T14:17:09.047","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted users, an unauthenticated attacker can encode a binary object containing a subquery using the bincode serialization format and supply it in place of credentials. The subquery is then executed within the database owner's SIGNIN/SIGNUP query under a system user session with the editor role, allowing the attacker to select, create, update, and delete non-IAM resources (though not view the query results directly, and not affect IAM resources, which require the owner role)."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.5.5, 2.0.0-beta.3","versionType":"semver","status":"affected"},{"version":"1.5.5, 2.0.0-beta.3","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"1.5.2","versionType":"semver","status":"affected"},{"version":"1.5.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-75"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-64f8-pjgr-9wmr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-query-injection-via-rpc-api","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58363","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.187","lastModified":"2026-07-18T14:17:09.187","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowing unauthorized actions if permissions rely solely on the $auth parameter."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.5.4","versionType":"semver","status":"affected"},{"version":"1.5.4","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.0.0-alpha.6","versionType":"semver","status":"affected"},{"version":"2.0.0-alpha.6","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"1.5.1","versionType":"semver","status":"affected"},{"version":"1.5.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-gh9f-6xm2-c4j2","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-authentication-bypass-via-database-switch","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58364","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.320","lastModified":"2026-07-18T14:17:09.320","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.2.1","versionType":"semver","status":"affected"},{"version":"1.2.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-8xff-473h-f863","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-parsing-error","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58365","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.460","lastModified":"2026-07-18T14:17:09.460","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.2.0","versionType":"semver","status":"affected"},{"version":"1.2.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-6wr5-jmpr-mjcx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-nonexistent-function","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58366","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.600","lastModified":"2026-07-18T14:17:09.600","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.1.1","versionType":"semver","status":"affected"},{"version":"1.1.1","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/rquickjs","versions":[{"version":"0","lessThan":"0.4.2","versionType":"semver","status":"affected"},{"version":"0.4.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-134"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-q3gg-m8hr-h4x4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-format-string-via-scripting-functions","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58367","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.737","lastModified":"2026-07-18T14:17:09.737","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.0.4 fail to properly enforce field permissions during SELECT, UPDATE, and DELETE operations, allowing authorized users to access unauthorized field values through various query techniques. Attackers can exploit SELECT VALUE operations, field aliasing, function arguments, WHERE clause filtering, RETURN BEFORE clauses, and SET clause references to leak protected field contents despite lacking SELECT permissions."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.0.4","versionType":"semver","status":"affected"},{"version":"2.0.4","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb-core","versions":[{"version":"0","lessThan":"2.0.4","versionType":"semver","status":"affected"},{"version":"2.0.4","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-9722-9j67-vjcr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-improper-authorization-via-select-permissions","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58368","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:09.867","lastModified":"2026-07-18T14:17:09.867","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.1.0","versionType":"semver","status":"affected"},{"version":"1.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-m24x-r6q3-2vp9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-http-headers","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58369","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.003","lastModified":"2026-07-18T14:17:10.003","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.1.1","versionType":"semver","status":"affected"},{"version":"1.1.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-jm4v-58r5-66hj","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-global-parameters","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2024-58370","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.140","lastModified":"2026-07-18T14:17:10.140","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 1.1.0 fail to enforce recursion depth limits when parsing nested SurrealQL statements including IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to cause stack overflow and crash the server."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"1.1.0","versionType":"semver","status":"affected"},{"version":"1.1.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-6r8p-hpg7-825g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-uncontrolled-recursion-denial-of-service","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71390","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.300","lastModified":"2026-07-18T14:17:10.300","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.2.6, 2.3.6, and 2.1.8 (and 3.0.0-alpha.7 and earlier) fails to validate DNS-resolved hostnames against --deny-net network access restrictions in its http::* functions. An authenticated user can invoke http::<fn>(<url>) with a hostname that resolves to a denied IP address, causing the server to issue the request anyway and return the response. This bypasses network access controls, allowing access to restricted internal endpoints and potentially retrieving or altering sensitive information and credentials, depending on the deployment."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.3.6, 2.2.6","versionType":"semver","status":"affected"},{"version":"2.3.6, 2.2.6","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-m3c3-78fh-w3w7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-deny-net-bypass-via-dns-resolution","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71391","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.457","lastModified":"2026-07-18T14:17:10.457","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-rq86-9m6r-cm3g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-sql-endpoint","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71392","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.580","lastModified":"2026-07-18T14:17:10.580","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a higher-privileged user subsequently imports the exported backup, the injected SurrealQL executes, enabling privilege escalation and root-level takeover of the SurrealDB instance. Applications that let users define custom tables or fields are also exposed to a universal second-order SurrealQL injection even when query parameters are sanitized."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-ccj3-5p93-8p42","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-surrealql-injection-via-export","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71393","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.703","lastModified":"2026-07-18T14:17:10.703","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion and exhaust server memory."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-m7rc-8w7m-r9qr","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-memory-exhaustion-via-nested-functions","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71394","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.837","lastModified":"2026-07-18T14:17:10.837","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and exfiltrate content from two-column tab-separated files."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-2cvj-g5r5-jrrg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-local-file-read-via-define-analyzer","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71395","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:10.963","lastModified":"2026-07-18T14:17:10.963","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations, causing denial of service."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-789"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-3633-g6mg-p6qq","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-memory-exhaustion-via-string-replace","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71396","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:11.087","lastModified":"2026-07-18T14:17:11.087","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 does not enforce a default execution-time limit on embedded JavaScript scripting functions when the scripting capability is explicitly enabled (via --allow-scripting or --allow-all). An authenticated attacker can submit long-running JavaScript functions to exhaust server resources and cause a denial of service. Scripting is disabled by default."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-3824-qmfq-2qv7","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-javascript-scripting","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71397","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:11.220","lastModified":"2026-07-18T14:17:11.220","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions (at the root, namespace, or database level) to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is constrained, nesting multiple loops (e.g., each with 1,000,000 iterations) is not, so an attacker can execute a function that consumes all server CPU time. Configured timeouts do not stop the execution, rendering the server unresponsive to other queries and connections until it is manually restarted."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/SurrealDB","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-pxw4-94j3-v9pf","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-cpu-exhaustion-via-nested-for-loops","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2025-71398","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:11.347","lastModified":"2026-07-18T14:17:11.347","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"SurrealDB before 2.2.2 fails to validate HTTP redirects in http functions, allowing authenticated users to bypass deny-net restrictions by redirecting to blocked IP addresses. Attackers can host a public server that redirects to denied network targets, enabling server-side request forgery to access internal endpoints and retrieve sensitive information."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.2.2","versionType":"semver","status":"affected"},{"version":"2.2.2","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.1.5","versionType":"semver","status":"affected"},{"version":"2.1.5","versionType":"semver","status":"unaffected"}]},{"vendor":"surrealdb","product":"surrealdb","defaultStatus":"unaffected","packageURL":"pkg:cargo/surrealdb","versions":[{"version":"0","lessThan":"2.0.5","versionType":"semver","status":"affected"},{"version":"2.0.5","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/surrealdb/surrealdb/security/advisories/GHSA-5q9x-554g-9jgg","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/surrealdb-before-ssrf-via-http-redirect-bypass","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-11826","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:11.480","lastModified":"2026-07-18T14:17:11.480","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData() reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig() the function is invoked with the 100-byte heap-allocated MB_device.dev_name field. An authenticated attacker with access to the OpenPLC web interface can send a crafted HTTP POST to the /modbus endpoint with an oversized device_name value; the value is persisted to mbconfig.cfg and parsed on load, overflowing dev_name and overwriting adjacent struct fields (protocol at offset 108, dev_address at offset 109, ip_port at offset 210). A 200-byte payload writes 100 bytes past the allocation. The result is heap corruption leading to runtime crash and denial of service of the PLC process control loop, with attacker-controlled overwrite of adjacent configuration fields. The upstream repository was archived on 2026-04-04 and no fix is expected; the vendor has confirmed the issue does not affect OpenPLC Runtime v4."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"openplcproject","product":"OpenPLC_v3","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"b470206","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://gist.github.com/Shukhrat-03/5cf1825b72e485ef98a32958dfbc611a#security-vulnerability-report","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thiagoralves/OpenPLC_v3","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thiagoralves/OpenPLC_v3/commit/b4702061dc14d1024856f71b4543298d77007b88","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/openplc-v3-heap-based-buffer-overflow-in-modbus-master-getdata","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-16117","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-07-18T14:17:11.620","lastModified":"2026-07-18T14:17:11.620","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string replace against the decoded prefix. A request that encodes one or more characters of the configured prefix therefore matches the route but skips the rewrite, so the raw encoded path is forwarded to the upstream unchanged. The upstream then decodes the path and serves it, letting an attacker reach upstream paths that the proxy was configured to hide via rewritePrefix, including internal or administrative endpoints.\n\nPatches: upgrade to @fastify/http-proxy 11.6.0.\n\nWorkarounds: none."}],"affected":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","affectedData":[{"vendor":"@fastify/http-proxy","product":"@fastify/http-proxy","defaultStatus":"unaffected","packageURL":"pkg:npm/@fastify/http-proxy","versions":[{"version":"0","lessThan":"11.6.0","versionType":"semver","status":"affected"},{"version":"11.6.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb"},{"url":"https://github.com/fastify/fastify-http-proxy/security/advisories/GHSA-mx7v-qhg9-2mvv","source":"ce714d77-add3-4f53-aff5-83d477b104bb"}]}},{"cve":{"id":"CVE-2026-16119","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T14:17:11.740","lastModified":"2026-07-18T14:17:11.740","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/exec_approval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"nextlevelbuilder","product":"GoClaw","cpes":["cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"],"modules":["WebSocket Approval Endpoint"],"versions":[{"version":"3.13.0","status":"affected"},{"version":"3.13.1","status":"affected"},{"version":"3.13.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/nextlevelbuilder/goclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1212","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1212#issuecomment-4760281066","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16119","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856825","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379828","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379828/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16120","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T14:17:11.907","lastModified":"2026-07-18T14:17:11.907","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in nextlevelbuilder GoClaw up to 3.13.3-beta.3. This impacts the function matchesAllowlist/extractBin of the file internal/tools/exec_approval.go. Executing a manipulation can lead to incorrectly-resolved name. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"nextlevelbuilder","product":"GoClaw","cpes":["cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"],"versions":[{"version":"3.13.3-beta.0","status":"affected"},{"version":"3.13.3-beta.1","status":"affected"},{"version":"3.13.3-beta.2","status":"affected"},{"version":"3.13.3-beta.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-706"}]}],"references":[{"url":"https://github.com/nextlevelbuilder/goclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1213","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1213#issuecomment-4760246569","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16120","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856826","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379829","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379829/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-9323","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-18T14:17:12.170","lastModified":"2026-07-18T14:17:12.170","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in Screen.start() by concatenating two random.randrange(10**9) calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and the Mersenne Twister internal state is approximately 19,937 bits, so an attacker who observes approximately 334 session IDs (for example via the X-Urwid-ID HTTP response header) can fully reconstruct the internal state and predict all past and future session IDs (Path B). The same identifier is also used as the filename of a FIFO created in the world-listable /tmp directory (for example /tmp/urwid375487765176907690.in), so any local user on the host can list /tmp to enumerate active session tokens directly (Path A). With a valid session ID, an attacker can read the victim's terminal screen via the polling endpoint, inject keystrokes into the victim's session (yielding OS-level code execution with the session owner's privileges if the session runs a shell), and inject exit sequences or flood the FIFO to terminate or crash the session. A prior Bandit S311 warning on this usage was suppressed with # noqa: S311 rather than fixed"}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"urwid","product":"urwid","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"24acd12","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://github.com/urwid/urwid","source":"disclosure@vulncheck.com"},{"url":"https://github.com/urwid/urwid/commit/24acd12f0d0598036d0d577f2ee63e4a27b4a3d9","source":"disclosure@vulncheck.com"},{"url":"https://github.com/urwid/urwid/issues/1127","source":"disclosure@vulncheck.com"},{"url":"https://github.com/urwid/urwid/pull/1128","source":"disclosure@vulncheck.com"},{"url":"https://github.com/urwid/urwid/security/advisories/GHSA-rjwp-g85x-gmjv","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/insecure-prng-and-information-exposure-in-urwid-web-display-backend","source":"disclosure@vulncheck.com"}]}}]}