CVE-2026-11822

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

CVE-2026-11824

Summary: CVE-2026-11824 affects SQLite before 3.53.2 via the FTS5 full‑text search extension. A crafted database can trigger a heap‑based buffer overflow by manipulating continuation page metadata (szLeaf value

EUVD-2026-35801

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

CVE-2026-45288

Marten (a .NET transactional document DB for PostgreSQL) prior to version 8.36.1 interpolated the user-supplied regConfig parameter directly into SQL within full-text search APIs, without parameterization or validation, creating a SQL injection sink on any code path where regConfig is exposed. Th...

CVE-2026-45288 Marten has an SQL injection vulnerability in its full-text search regConfig parameter

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

CVE-2026-45288

Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to...

Marten SQL注入漏洞

Marten is a PostgreSQL-based .NET documentation database and event storage tool developed by JasperFx. Versions of Marten prior to 8.36.1 contained an SQL injection vulnerability. This vulnerability occurred due to the full-text search API not being parameterized or verifying the regConfig...

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

Marten has an injection vulnerability in its full-text search regConfig parameter

Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the regConfig parameter in full-text search APIs. An attacker can execute arbitrary SQL commands by supplying crafted input to the regConfig parameter, which is interpolated directly into SQL statements without...

GHSA-VMW2-QWM8-X84C Marten has an injection vulnerability in its full-text search regConfig parameter

Summary Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generated SQL without parameterization or validation, making every code path that exposes regConfig to untrusted input a SQL injection sink. Affected APIs - IQuerySession.SearchAsyncstring...

PT-2026-41160

Name of the Vulnerable Software and Affected Versions Marten versions prior to 8.36.1 Description Full-text search APIs interpolate the user-supplied regConfig parameter directly into generated SQL without parameterization or validation. This creates a SQL injection sink in any code path where...

SQL Injection

SiYuan is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied SQL statements in the /api/search/fullTextSearchBlock endpoint without authorization or validation checks, which allows an attacker to execute arbitrary SQL commands against the database...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017457)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017457 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

SUSE CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...