38 matches found
PT-2025-21347 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions up to and including 0.4.2rc1. Description: The issue arises from the concat function potentially skipping the evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation tha...
Security update for sqlite3
This update for sqlite3 fixes the following issues: CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020). CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078). Other fixes: Updated to version 3.49.1 from Factory (jsc#SLE-16032). Patch...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the concat function. An attacker can trigger an integer overflow by supplying input with an excessive number of separators and arguments. Note: This vulnerability has also been published as CVE-2025-327...
BIT-SQLITE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...
CVE-2025-29087
A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the concat function. An attacker can trigger an integer overflow by supplying input with an excessive number of separators and arguments. Note: This vulnerability has also been published as CVE-2025-327...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...
CVE-2025-29087
CVE-2025-29087 concerns SQLite: concat_ws() can write beyond the end of a malloc’d buffer in versions 3.44.0–3.49.0 when a large, attacker-controlled separator is supplied, triggering an integer overflow while sizing the result buffer. This may lead to memory corruption or a crash. A fix is avail...
SQLite Security Vulnerability
SQLite is a lightweight, open-source relational database management system that adheres to ACID. A security vulnerability exists in SQLite version 3.49.0, which stems from a concat function that could lead to an integer overflow...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...
CVE-2025-29087
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the...
PT-2025-15279
Name of the Vulnerable Software and Affected Versions: Sqlite version 3.49.0. Description: The issue is related to an integer overflow in the concat function. Recommendations: For Sqlite version 3.49.0, at the moment, there is no information about a newer version that contains a fix for this...
CVE-2024-22419
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the build_IR for concat doesn't properly adhere to the API of co...
PT-2024-19409 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.0 through 0.3.9. Description: The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the build IR for concat doesn't proper...
Preisschlacht V4 Flash System (seite&aid) index.php SQL Injection
Exploit for unknown platform in category web applications ================================================================= Preisschlacht V4 Flash System seite&aid index.php SQL Injection =================================================================...
Docebo 3.6.0.3 - Multiple SQL Injections
Docebo 3.6.0.3 - Multiple SQL Injections Application: Docebo Version affected: 3.6.0.3 Website: http://www.docebo.com Discovered By: Andrea Fabrizi Email: andrea.fabrizi at gmail dot com Web: http://www.andreafabrizi.it Vuln: Multiple SQL-Injection Vulnerabilities EXAMPLE 1...
KwsPHP Module ConcoursPhoto 2.0 - C_ID SQL Injection
KwsPHP Module ConcoursPhoto 2.0 - C_ID SQL Injection KwsPHP Module ConcoursPhoto Remote SQL Injection Exploit AUTHOR : Stack-Terrorist v40 Email : [email protected] Home : http://v4-team.com & http://stack-terrorist.com Script : KwsPHP Module ConcoursPhoto Bug : Remote SQL Injection Exploit Dork :...