Lucene search
K

4940 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday3 views

MAL-2026-10490 Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday8 views

Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday2 views

MAL-2026-10448 Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39124

SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon...

5.9CVSS6.1AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 5 days ago13 views

CVE-2026-50180

Summary: CVE-2026-50180 in Langroid’s SQLChatAgent allows arbitrary PostgreSQL file reads due to an incomplete DANGEROUS_SQL_PATTERNS blocklist. The blocklist misses several pg_read * and related functions (e.g., pg_read_file, pg_stat_file, pg_ls_logdir, pg_ls_waldir, pg_current_logfile) and does...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS0.00111EPSS
Exploits0References3
CVE
CVE
added 6 days ago8 views

CVE-2026-50813

CVE-2026-50813 concerns SQLite, with the issue arising before Fossil check-in 869a51ae84df. The vulnerability permits a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path. The available documents do not specify the exact affected versi...

6.1CVSS6AI score0.00111EPSS
Exploits0References3
CVE
CVE
added 6 days ago7 views

CVE-2026-50812

SQLite 3.53.1 and earlier trunk builds of the SQLite Session Extension are affected by a NULL pointer dereference in sqlite3changeset_apply_v3() when applying a malformed changeset, reaching sqlite3_value_type() with a NULL sqlite3_value pointer, leading to denial of service. The issue is tied to...

5.5CVSS6AI score0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS6AI score0.00112EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS6AI score0.00111EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS0.00111EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

0.00112EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 2:48 p.m.12 views

Malicious code in @sqlite-access/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5454044dfacdd12da8025ba7a7c73260f16c64b29dbd25ebda52af4d03e8450c The package presents a three-way identity mismatch: the scoped name @sqlite-access/nodesql implies a SQL-access library, the README markets a...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/07 2:48 p.m.5 views

MAL-2026-6914 Malicious code in @sqlite-access/nodesql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5454044dfacdd12da8025ba7a7c73260f16c64b29dbd25ebda52af4d03e8450c The package presents a three-way identity mismatch: the scoped name @sqlite-access/nodesql implies a SQL-access library, the README markets a...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 8:31 p.m.5 views

GHSA-R35R-FPX2-JGR4 Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases

Summary The SQLite databases are created at predictable static paths in /tmp. Any user can therefore create a symlink at these paths in /tmp pointing to arbitrary files. The monitoring scripts then follows these symlinks and then creates their database at the symlink target. This becomes really...

5.1CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-530 SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

9.8CVSS6.3AI score0.00492EPSS
Exploits1References7
OSV
OSV
added 2026/06/26 9:1 p.m.7 views

GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction

internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...

6.9CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/25 10:16 p.m.9 views

CVE-2025-71324

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS0.00346EPSS
Exploits1References2
Rows per page
Query Builder