163 matches found
SUSE-SU-2026:22166-1 Security update for sqlite3
This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...
SUSE-SU-2026:22104-1 Security update for sqlite3
This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...
SUSE-SU-2026:22134-1 Security update for sqlite3
This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...
CVE-2026-42812
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
GHSA-R2F4-FF2P-XC64 Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
My name is Oscar Uribe, Security Researcher at Fluid Attacks. I am reaching out because we have identified a security vulnerability in Pimcore 12.3.3 that we would like to report to you so we can coordinate a responsible disclosure together. As part of our standard disclosure measures, we follow ...
CVE-2026-40829 Authenticated SQLi in UpdateParam function
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...
PT-2026-43564
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.31.1, there is an out-of-bounds access issue involving the ALTER TABLE operation for views that contain nested FROM clauses...
Astra Linux – Vulnerability in SQLite3
In SQLite version 3.31.1, the ALTER TABLE implementation contains a use-after-free issue, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...
Astra Linux – Vulnerability in SQLite3
In SQLite, from version 3.30.1 onwards, alter.c allows attackers to trigger infinite recursion through certain types of self-referential views in conjunction with ALTER TABLE statements...
Apache Polaris has an Improper Input Validation issue
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path`
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
CVE-2026-28438
CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...
CVE-2026-28438
CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...
CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements
CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...
CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements
CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...
CVE-2026-28438 CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements
CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose...
CVE-2026-28438
CVE-2026-28438 affects CocoIndex: Doris target connector before 0.3.34 did not validate the configured table name when constructing ALTER TABLE statements, enabling SQL injection if a table name from an untrusted upstream is used during schema changes. The issue has been patched in version 0.3.34...
SQL Injection
Overview cocoindex is a With CocoIndex, users declare the transformation, CocoIndex creates & maintains an index, and keeps the derived index up to date based on source update, with minimal computation and changes. Affected versions of this package are vulnerable to SQL Injection in the Doris...
CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements
Impact The Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose vulnerability to SQL injection when target schema change. Patches Yes, it's fix...