Product
SurrealDB versions prior to 1.0.1 are vulnerable due to default table permissions being set to FULL instead of NONE, allowing attackers with existing database access or unauthenticated users on publicly exposed instances to perform unrestricted SELECT, CREATE, UPDATE, and DELETE operations on tables that lack explicit permission settings, leading to unauthorized data access, modification, or deletion.