Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion

Path Traversal in clearplugincache Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory | | Severity | High | Summa...

GHSA-J9RX-RPPG-6HH4 Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion

Path Traversal in clearplugincache Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory | | Severity | High | Summa...

PT-2026-48538

Name of the Vulnerable Software and Affected Versions anyquery versions prior to 0.4.5 Description A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...

GHSA-HRJ8-HJV8-MGWC Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...

CVE-2025-61679

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

CVE-2025-61679

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

CVE-2025-61679 Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

CVE-2025-61679

Summary: CVE-2025-61679 affects Anyquery (SQLite-based SQL query engine). Versions ≤ 0.4.3 allow an attacker with localhost access (low privileges) to use the HTTP server via the port unauthenticated and access private integration data (e.g., emails) without provider login warnings. Root cause: u...

CVE-2025-61679 Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

CVE-2025-61679 Anyquery Unauthenticated Access Vulnerability Exposes Private Integration Data

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

EUVD-2025-32429

Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of ...

PT-2025-40603

Name of the Vulnerable Software and Affected Versions Anyquery versions 0.4.3 and below Description Anyquery is an SQL query engine built on top of SQLite. Attackers who have gained access to localhost, even with low privileges, can use the http server through the port unauthenticated and access...

Anyquery 授权问题漏洞

Anyquery is a database tool by Julien C Personal Developer. An authorization issue vulnerability exists in Anyquery 0.4.3 and prior versions, which originates from unauthenticated HTTP server access and could lead to private integration data disclosure...