
4907 matches found

AlpineLinux
added 2025/07/15 1:44 p.m. · 6 views

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...

CVSS 9.8 · AI score 7.4 · EPSS 0.64893
Exploits 3

CNNVD
added 2025/07/15 12:0 a.m. · 3 views

SQLite Security Vulnerability

SQLite is a lightweight, ACID-compliant relational database management system from the open-source SQLite project. A security vulnerability exists in SQLite versions prior to 3.50.2 that stems from the fact that the number of aggregated items may exceed the number of available columns, which may resul...

CVSS 9.8 · AI score 7 · EPSS 0.64893
Exploits 3 · References 8

Positive Technologies
added 2025/07/15 12:0 a.m. · 3 views

PT-2025-29558

Vulnerability Summary. Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.50.2. Description: SQLite versions before 3.50.2 are vulnerable to a memory corruption issue due to an integer overflow that can occur when the number of aggregate terms exceeds the number of...

CVSS 9.8 · AI score 7.8 · EPSS 0.64893
Exploits 3 · References 306

FreeBSD
added 2025/07/15 12:0 a.m. · 4 views

SQLite < 3.50.3 -- CWE-190 Integer Overflow or Wraparound in FTS5 module

https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g reports: An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to...

CVSS 6.9 · AI score 5.9 · EPSS 0.00322
Exploits 0 · References 1

FreeBSD
added 2025/07/15 12:0 a.m. · 5 views

sqlite -- Integer Truncation on SQLite

[email protected] reports: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue...

CVSS 9.8 · AI score 7.7 · EPSS 0.64893
Exploits 3 · References 1

RustSec
added 2025/07/11 12:0 p.m. · 6 views

matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`

The `SqliteEventCacheStore::find_event_with_relations` function constructs SQL queries using `format!` with unescaped input, allowing an attacker to inject arbitrary SQL. This results in a SQL injection vulnerability...

CVSS 7.7 · AI score 8 · EPSS 0.00254
Exploits 0 · Affected Software 1

OSV
added 2025/07/10 6:28 p.m. · 15 views

CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the `EventCache::find_event_with_relations` method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

CVSS 7.7 · AI score 8.6 · EPSS 0.00254
Exploits 0 · References 4

Tenable Nessus
added 2025/07/08 12:0 a.m. · 16 views

SQLite DoS Vulnerability 3.49.0 < 3.49.1

The version of SQLite installed on the remote host is prior to 3.49.1 and is, therefore, affected by a DoS vulnerability where certain argument values to sqlite3_db_config in the C-language API can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer...

CVSS 5.6 · AI score 6.3 · EPSS 0.00169
Exploits 0 · References 2

Tenable Nessus
added 2025/07/01 12:0 a.m. · 3 views

Tenable Security Center Multiple Vulnerabilities (TNS-2025-12)

According to its self-reported version, the Tenable Security Center running on the remote host is version 6.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-12 advisory. - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause...

CVSS 9.8 · AI score 7.5 · EPSS 0.01725
Exploits 2 · References 6

Tenable Product Security Advisories
added 2025/06/30 3:41 p.m. · 9 views

[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1

R1 Stand-alone Security Patches Available for Tenable Security Center versions 6.4.0, 6.4.5 and 6.5.1: SC-202505.1 + SC-202506.1 Arnie Cabral Mon, 06/30/2025 - 11:41 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components...

AI score 7.5
Exploits 0

OSV
added 2025/06/27 10:6 p.m. · 5 views

GHSA-VH5J-5FHQ-9XWG Taylor has race condition in /get-patch that allows purchase token replay

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

AI score 7
Exploits 0 · References 3

Github Security Blog
added 2025/06/27 10:6 p.m. · 4 views

Taylor has race condition in /get-patch that allows purchase token replay

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

AI score 7
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/06/27 12:17 p.m. · 2 views

SUSE-SU-2025:01456-2 Security update for sqlite3

This update for sqlite3 fixes the following issues: - CVE-2025-29087, CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory...

CVSS 9.8 · AI score 7.3 · EPSS 0.00609
Exploits 0 · References 7

SUSE Linux
added 2025/06/27 12:16 p.m. · 3 views

Security update for sqlite3

This update for sqlite3 fixes the following issues: CVE-2025-3277, CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: Updated to version 3.49.1 from Factory...

CVSS 8.5 · AI score 7.6 · EPSS 0.00609
Exploits 0 · References 14

Positive Technologies
added 2025/06/27 12:0 a.m. · 1 views

PT-2025-28303 · Npm · Taylored

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

AI score 7.1
Exploits 0 · References 4

Tenable Nessus
added 2025/06/27 12:0 a.m. · 5 views

Oracle Linux 10 : sqlite (ELSA-2025-7517)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7517 advisory. - Fix for CVE-2025-3277 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

CVSS 9.8 · AI score 7.5 · EPSS 0.00609
Exploits 0 · References 2

Fedora
added 2025/06/25 1:43 a.m. · 8 views

[SECURITY] Fedora 41 Update: atuin-18.3.0-4.fc41

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

CVSS 8.8 · AI score 7.4 · EPSS 0.00443
Exploits 1

Fedora
added 2025/06/25 1:19 a.m. · 6 views

[SECURITY] Fedora 42 Update: atuin-18.3.0-4.fc42

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

CVSS 8.8 · AI score 7.4 · EPSS 0.00443
Exploits 1

Trend Micro Simply Security
added 2025/06/24 12:0 a.m. · 5 views

Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent

A single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut it down...

AI score 8
Exploits 0

Tenable Nessus
added 2025/06/23 12:0 a.m. · 4 views

SQLite 3.44.0 < 3.49.1 Multiple Vulnerabilities

The version of SQLite installed on the remote host is 3.44.0 through 3.49.0 before 3.49.1. It is, therefore, affected by multiple vulnerabilities: - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer...

CVSS 9.8 · AI score 7.5 · EPSS 0.00609
Exploits 0 · References 3