
528 matches found

Cvelist
added 2025/09/03 12:47 a.m. · 7 views

CVE-2025-57806 Local Deep Research's API keys are stored in plain text

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...

CVSS 6.9 · EPSS 0.00011
Exploits: 0 · References: 3

OSV
added 2025/09/03 12:47 a.m. · 5 views

CVE-2025-57806 Local Deep Research's API keys are stored in plain text

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...

CVSS 6.9 · AI score 6.1 · EPSS 0.00011
Exploits: 0 · References: 5

Positive Technologies
added 2025/09/03 12:0 a.m. · 4 views

PT-2025-35648

Name of the Vulnerable Software and Affected Versions: Local Deep Research versions 0.2.0 through 0.6.7 Description: Local Deep Research stores confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented. Users were not giv...

CVSS 6.9 · AI score 6.1 · EPSS 0.00011
Exploits: 0 · References: 7

Tenable Nessus
added 2025/08/30 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-7009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unsanitized user-input in Calibre = 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database...

CVSS 7.1 · AI score 5.9 · EPSS 0.08423
Exploits: 1 · References: 2

OSV
added 2025/08/27 4:15 p.m. · 0 views

CVE-2025-50983

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...

CVSS 8.3 · AI score 6.1
Exploits: 0 · References: 1

NVD
added 2025/08/27 4:15 p.m. · 1 views

CVE-2025-50983

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...

CVSS 8.3 · EPSS 0.00064
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34877 · Readarr · Readarr

Name of the Vulnerable Software and Affected Versions: readarr version 0.4.15.2787 Description: A SQL Injection issue exists in readarr that allows attackers to inject and execute arbitrary SQL commands against the backend SQLite database. The /api/v1/wanted/cutoff API endpoint does not properly...

CVSS 8.3 · AI score 8.1 · EPSS 0.00064
Exploits: 1 · References: 3

Cvelist
added 2025/08/27 12:0 a.m. · 4 views

CVE-2025-50983

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...

EPSS 0.00064
Exploits: 1 · References: 1

OSV
added 2025/08/22 5:52 p.m. · 2 views

CLSA-2025-1755885175 Fix CVE(s): CVE-2025-29088

SECURITY UPDATE: denial of service via sqlite3_db_config argument values - debian/patches/CVE-2025-29088.patch: harden the SQLITE_DBCONFIG_LOOKASIDE interface against misuse, such as described in forum post 48f365daec Enhancements to the SQLITE_DBCONFIG_LOOKASIDE documentation - CVE-2025-29088...

CVSS 5.6 · AI score 6.6 · EPSS 0.00039
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/21 5:20 p.m. · 2 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9 · AI score 5.6 · EPSS 0.00089
Exploits: 0 · References: 1

Cvelist
added 2025/08/21 5:20 p.m. · 6 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

CVSS 6.9 · EPSS 0.00089
Exploits: 0 · References: 1

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-34012 Malicious code in stratigraphy-changelog-prettier-stylelint-sqlite (npm)

The package stratigraphy-changelog-prettier-stylelint-sqlite was found to contain malicious code...

AI score 7.2
Exploits: 0

VulnCheck KEV
added 2025/08/12 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2023-39265

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

CVSS 6.5 · AI score 5.7 · EPSS 0.72085
In wild · Exploits: 3 · References: 2

OSV
added 2025/08/11 1:53 p.m. · 1 views

BIT-LIBPHP-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS 9.1 · AI score 8.2 · EPSS 0.00601
Exploits: 0 · References: 3

SUSE CVE
added 2025/08/06 2:52 a.m. · 2 views

SUSE CVE-2025-54379

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

CVSS 9.8 · AI score 8.5 · EPSS 0.00355
Exploits: 1 · References: 2

Snyk
added 2025/08/05 1:42 a.m. · 1 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via improper escaping of query parameters in the metaColumns, metaForeignKeys, or metaIndexes methods when connecting to a sqlite3 database. An attacker can execute arbitrary SQL statements by supplying a crafted table nam...

CVSS 10 · AI score 8.2 · EPSS 0.00395
Exploits: 0 · References: 2

OSV
added 2025/08/05 1:15 a.m. · 1 views

DEBIAN-CVE-2025-54119

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...

CVSS 10 · AI score 6.2 · EPSS 0.00395
Exploits: 0 · References: 1

RedHat Linux
added 2025/07/29 8:0 a.m. · 3 views

sqlite: Integer Truncation in SQLite

A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior...

CVSS 9.8 · AI score 7.1 · EPSS 0.01689
Exploits: 3 · References: 6

Vulnrichment
added 2025/07/24 10:24 p.m. · 3 views

CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names.

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

CVSS 9.3 · AI score 8.8 · EPSS 0.00355
Exploits: 1 · References: 2

RedhatCVE
added 2025/07/23 8:5 a.m. · 9 views

CVE-2025-4049

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database. This issue affects FARA: through 5.0.80.34...

CVSS 8.6 · AI score 6.5 · EPSS 0.001
Exploits: 0 · References: 1