559 matches found
PT-2026-60096
Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description Operator session tokens are stored in plaintext within the token column of the operator sessions table. These tokens are 32-byte random hex values sent via cookies and remain valid for 24...
EUVD-2026-39124
SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon...
CVE-2026-50812
SQLite 3.53.1 and earlier trunk builds of the SQLite Session Extension are affected by a NULL pointer dereference in sqlite3changeset_apply_v3() when applying a malformed changeset, reaching sqlite3_value_type() with a NULL sqlite3_value pointer, leading to denial of service. The issue is tied to...
GHSA-R35R-FPX2-JGR4 Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases
Summary The SQLite databases are created at predictable static paths in /tmp. Any user can therefore create a symlink at these paths in /tmp pointing to arbitrary files. The monitoring scripts then follows these symlinks and then creates their database at the symlink target. This becomes really...
PT-2026-56055
Name of the Vulnerable Software and Affected Versions linuxfabrik-monitoring-plugins affected versions not specified Description SQLite databases are created using predictable static paths in /tmp, allowing any user to create a symlink at these locations pointing to arbitrary files. When monitori...
PYSEC-2026-530 SciTokens is vulnerable to SQL Injection in KeyCache
Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...
CVE-2026-54068 SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...
CVE-2026-53949
Summary (CVE-2026-53949) Ghost CMS (Node.js). Affected versions: 5.46.1–6.21.2. Description: validation on filters for public API endpoints could be partially bypassed, enabling disclosure of private fields via brute-force. Impact depends on database: with SQLite, password hashes were fully acces...
GHSA-GHMH-JHMJ-WCMF nebula-mesh's stores enrollment tokens unhashed in SQLite
internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
Dirty-cow-exploit
System Documentation Architecture - Frontend: React 19...
CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
CVE-2026-45046
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
EUVD-2026-32624
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...
Astra Linux – Vulnerability in SQLite3
A flaw was discovered in SQLite’s SELECT query functionality src/select.c. This flaw allows an attacker who is capable of executing SQL queries locally on the SQLite database to cause a denial of service or potentially lead to code execution by triggering a use-after-free. The most significant...
[SECURITY] Fedora 42 Update: coturn-4.11.0-1.fc42
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the logging process. An attacker can access sensitive information by obtaining the local sqlite database, which may contain file content that should have been...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the logging process. An attacker can access sensitive information by obtaining the local sqlite database, which may contain file content that should have been...
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
Summary Kysely 0.28.12 added a sanitizeStringLiteral call inside DefaultQueryCompiler.visitJSONPathLeg commit 0a602bf, PR 1727 to fix CVE-2026-32763 GHSA-wmrf-hv6w-mr66. The fix only doubles single quotes ' → ''; it does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled...