[SECURITY] Fedora 42 Update: rust-rusqlite-0.31.0-6.fc42
Ergonomic wrapper for SQLite...
Tenable Security Center Multiple Vulnerabilities (TNS-2025-09)
According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.6.0 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-09 advisory. - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the...
GHSA-5WGP-VJXM-3X2R Navidrome allows SQL Injection via role parameter
🛡 Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2. Overview: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized...
Important: thunderbird
Issue Overview: Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefo...
CVE-2025-5154
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
RHEL 9 : nodejs:22 (RHSA-2025:7433)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7433 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2025-5154
The CVE-2025-5154 entry applies to the PhonePe App (Android) version 25.03.21.0. The vulnerability resides in the SQLite Database component, specifically within app-private data at /data/data/com.phonepe.app/databases/, where sensitive data is stored in plaintext. This cleartext storage allows a ...
PT-2025-22866 · Phonepe · Phonepe App
Name of the Vulnerable Software and Affected Versions: PhonePe App version 25.03.21.0 Description: A problematic issue was found in the PhonePe App, affecting an unknown function of the SQLite Database component. The issue leads to cleartext storage in a file or on disk, requiring local access fo...
CVE-2024-6971
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollms_file_system.py file. The functions add_rag_database, toggle_mount_rag_database, and vectorize_folder do not implement security measures such as sanitize_path_from_endpoint or sanitize_path. This allows a...
CVE-2024-22077
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions...
CVE-2024-44739
Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manageuser=...
CVE-2024-8877
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...
CVE-2024-46488
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file...
CVE-2024-45256
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py...
CVE-2023-39265
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...