Lucene search
+L

559 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 7:28 p.m.7 views

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

7.5CVSS5.6AI score0.00359EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 3:16 p.m.13 views

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

7.5CVSS0.00359EPSS
Exploits0References2
Fedora
Fedora
added 2026/02/11 12:59 a.m.10 views

[SECURITY] Fedora 42 Update: atuin-18.6.1-10.fc42

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
OSV
OSV
added 2026/02/03 6:30 p.m.3 views

GHSA-7G56-FWXJ-CM23 FUXA contains an Unrestricted File Upload vulnerability

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

9.3CVSS6AI score0.00726EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

6.1AI score0.00726EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 12:0 a.m.18 views

CVE-2025-69981

FUXA v1.2.7 has an Unrestricted File Upload issue at the /api/upload endpoint. The endpoint authenticates users poorly (lacks authentication), allowing unauthenticated remote attackers to upload arbitrary files. This can enable overwriting critical system files such as the SQLite user database an...

9.8CVSS6AI score0.00726EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/03 12:0 a.m.5 views

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

7.5CVSS6.2AI score0.00726EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.9 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS5.9AI score0.00097EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in SQLite3

In SQLite 3.49.0 before 3.49.1, certain argument values passed to sqlite3dbconfig in the C-language API can cause a denial of service application crash. A sznBig multiplication is not cast to a 64-bit integer, which can lead to incorrect memory allocations...

5.6CVSS6.6AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2026/01/26 10:16 a.m.7 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS0.00097EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/26 10:6 a.m.8 views

EUVD-2025-206374

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS5.9AI score0.00097EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:6 a.m.12 views

CVE-2025-59105

CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...

7CVSS5.9AI score0.00097EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 10:5 a.m.28 views

CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS0.00572EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/26 10:5 a.m.4 views

CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 10:5 a.m.29 views

CVE-2025-59099 Unauthenticated Path Traversal in dormakaba access manager

The Access Manager is using the open source web server CompactWebServer written in C. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...

8.8CVSS0.00699EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.9 views

PT-2026-4755

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS5.9AI score0.00097EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-4750

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

5.9CVSS5.8AI score0.00572EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/20 6:18 p.m.7 views

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

8.7CVSS5.6AI score0.004EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.13 views

Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.7AI score0.00475EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/01/20 4:30 p.m.7 views

GHSA-2497-GP99-2M74 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered

Summary Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records Details After wings sends activity logs to the panel it deletes the processed activity entries from t...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References7
Rows per page
Query Builder