Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threat Intelligence
Click on any threat for detailed analysis and mitigation recommendations
SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics when unwrap is called on a None… (CVE-2024-58357)CVE-2024-58357 0 SurrealDB versions before 2.1.0 contain an uncaught exception vulnerability in the rand::time() function that panics when unwrap is called on a None result from timestamp_opt. Authorized clients can repeatedly invoke rand::time() to reliably trigger server panics and cause denial of service. Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:37 UTC |
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with… (CVE-2024-58358)CVE-2024-58358 0 SurrealDB versions before 2.1.0 contain a denial of service vulnerability in role conversion that allows privileged owner users to define users with nonexistent roles. Attackers can trigger an uncaught panic by signing in with a user assigned an invalid role, crashing the server. Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line… (CVE-2024-58364)CVE-2024-58364 0 SurrealDB versions before 1.2.1 contain an uncaught exception handling vulnerability in span rendering when parsing queries with errors on line terminator characters. Authorized clients can submit malformed queries that trigger a panic in the span rendering code, crashing the server and causing denial of service. Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand() clause. (CVE-2024-58359)CVE-2024-58359 0 SurrealDB versions before 2.1.0 contain a denial of service vulnerability in the sorting mechanism when using ORDER BY rand() clause. Authorized clients can execute queries with ORDER BY rand() to trigger a panic in the sorting function, crashing the server. Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. (CVE-2024-58363)CVE-2024-58363 0 SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowing unauthorized actions if permissions rely solely on the $auth parameter. Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. (CVE-2024-58361)CVE-2024-58361 0 SurrealDB versions before 2.0.4 contain an uncaught exception handling vulnerability in the parser error rendering code when processing empty strings. Authorized clients can execute malformed queries with empty string conversions to record, duration, or datetime types that cause a panic in error rendering, crashing the server. Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... (CVE-2024-58356)CVE-2024-58356 0 SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, and the administrator may incorrectly believe the change was applied. As a result, a client authorized to run queries may continue to access data in that table that the updated (but unapplied) permissions were intended to restrict. Join the discussion | GCVE Database | 07/18/2026, 15:31:47 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signin and signup operations of the RPC API without… (CVE-2024-58362)CVE-2024-58362 0 SurrealDB before 1.5.5 (and 2.0.0-beta before 2.0.0-beta.3) accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted users, an unauthenticated attacker can encode a binary object containing a subquery using the bincode serialization format and supply it in place of credentials. The subquery is then executed within the database owner's SIGNIN/SIGNUP query under a system user session with the editor role, allowing the attacker to select, create, update, and delete non-IAM resources (though not view the query results directly, and not affect IAM resources, which require the owner role). Join the discussion | GCVE Database | 07/18/2026, 15:31:48 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server… (CVE-2024-58369)CVE-2024-58369 0 SurrealDB versions before 1.1.1 fail to properly validate invocation of custom parameters and functions at root or namespace levels, causing server panic. Authorized clients can invoke these entities at unsupported levels to crash the SurrealDB server, resulting in denial of service. Join the discussion | GCVE Database | 07/18/2026, 15:31:49 UTC Added: 07/18/2026, 15:53:35 UTC |
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions (at the root,… (CVE-2025-71397)CVE-2025-71397 0 SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions (at the root, namespace, or database level) to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is constrained, nesting multiple loops (e.g., each with 1,000,000 iterations) is not, so an attacker can execute a function that consumes all server CPU time. Configured timeouts do not stop the execution, rendering the server unresponsive to other queries and connections until it is manually restarted. Join the discussion | GCVE Database | 07/18/2026, 15:31:49 UTC Added: 07/18/2026, 15:53:35 UTC |
Showing 1 to 10 of 22 results