Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2025/11/05 6:54 a.m.6 views

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS8AI score0.00581EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/30 9:30 p.m.4 views

EUVD-2025-37196

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS7.5AI score0.00581EPSS
Exploits0References4
OSV
OSVadded 2025/10/30 9:30 p.m.2 views

GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

7.5CVSS8.2AI score0.00581EPSS
Exploits0References6
Github Security Blog
Github Security Blogadded 2025/10/30 9:30 p.m.6 views

sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

7.5CVSS8.1AI score0.00581EPSS
Exploits0References7Affected Software1
OSV
OSVadded 2025/10/30 8:15 p.m.2 views

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

7.5CVSS6AI score0.00581EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/10/30 12:0 a.m.6 views

CVE-2025-61141

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...

0.00581EPSS
Exploits0References3
CVE
CVEadded 2025/10/30 12:0 a.m.9 views

CVE-2025-61141

The CVE-2025-61141 entry concerns sqls-server/sqls version 0.2.28, which is vulnerable to command injection in the config command. The root cause is that openEditor passes the EDITOR environment variable and the config file path to sh -c without sanitization, enabling an attacker to execute arbit...

7.5CVSS7.7AI score0.00581EPSS
Exploits0References3
Rows per page
Query Builder