Lucene search
K

244 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-61461

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the searchbyfulltext method without escaping or parameterization. Attackers can inject malicious SQL throu...

8.8CVSS0.00357EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-61461 Dify < 1.16.0-rc1 SQL Injection via MyScale Vector Store search_by_full_text

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the searchbyfulltext method without escaping or parameterization. Attackers can inject malicious SQL throu...

8.8CVSS0.00357EPSS
Exploits0References5
CVE
CVE
added 4 days ago15 views

CVE-2026-61461

Summary: CVE-2026-61461 affects Dify before 1.16.0-rc1, where the MyScale vector store backend is vulnerable to SQL injection via the search_by_full_text method due to unsanitized, unparameterized search parameters. This can allow an attacker to read, modify, or delete data in the underlying Clic...

8.8CVSS6.3AI score0.00357EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS6AI score0.0038EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/06 8:3 a.m.11 views

CVE-2026-46585

The CVE describes an improper input validation/authorization bypass in the Apache Camel Lucene component. The root cause is that the Camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value is the plain string QUERY (and RETURN_LUCENE_DOCS f...

7.5CVSS6AI score0.00399EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 9:6 a.m.2 views

SUSE-SU-2026:2528-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.8AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 9:5 a.m.23 views

SUSE-SU-2026:2527-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.8AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 9:1 p.m.2 views

OPENSUSE-SU-2026:21090-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.7AI score0.00175EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 8:59 p.m.2 views

SUSE-SU-2026:22166-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.9AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 8:59 p.m.2 views

SUSE-SU-2026:22218-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.9AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 8:51 a.m.7 views

BIT-SQLITE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

8.5CVSS6.3AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 8:51 a.m.9 views

BIT-SQLITE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

8.5CVSS6.5AI score0.00175EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.122 views

Linux Distros Unpatched Vulnerability : CVE-2026-11822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory...

8.5CVSS6.6AI score0.00175EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/11 8:1 a.m.23 views

SQLite before 3.53.2 Memory Corruption in FTS5 Extension

...

8.5CVSS5.3AI score0.00175EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/11 8:1 a.m.11 views

SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate

...

8.5CVSS5.3AI score0.00175EPSS
Exploits0
Snyk
Snyk
added 2026/06/09 8:24 p.m.6 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the FTS5 extension when processing a crafted database containing malformed FTS5 page data. An attacker can cause process crashes, memory exhaustion, or execute arbitrary code by supplying a specially...

8.5CVSS6.2AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 8:24 p.m.11 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the fts5ChunkIterate function in the FTS5 full-text search extension. An attacker can cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata that...

8.5CVSS6.2AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 8:16 p.m.12 views

CVE-2026-11822

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

8.5CVSS0.00175EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 8:16 p.m.6 views

DEBIAN-CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

8.5CVSS6.2AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 8:16 p.m.5 views

DEBIAN-CVE-2026-11822

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

8.5CVSS6.5AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder