
528 matches found

CNNVD
added 2025/07/21 12:0 a.m., 4 views

SIGNUM-NET FARA Trust Management Issue Vulnerability

SIGNUM-NET FARA is a facility management software from SIGNUM-NET Poland. A trust management issue vulnerability exists in SIGNUM-NET FARA version 5.0.80.34 and prior versions, which stems from the use of hard-coded SQLite credentials that could lead to reading and manipulating local databases...

8.6 CVSS, 6.4 AI score, 0.001 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/07/19 7:51 p.m., 5 views

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

5.3 CVSS, 7.6 AI score, 0.00073 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/17 8:15 p.m., 4 views

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

5.3 CVSS, 0.00073 EPSS
Exploits: 0, References: 1

OSV
added 2025/07/17 8:15 p.m., 2 views

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

5.3 CVSS, 5.9 AI score
Exploits: 0, References: 1

Cvelist
added 2025/07/17 7:19 p.m., 5 views

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

5.3 CVSS, 0.00073 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/17 7:19 p.m., 16 views

CVE-2025-6230

CVE-2025-6230 describes a local SQL injection in Lenovo Vantage that could let an attacker modify the local SQLite database and execute limited SQLite commands. Connected documents confirm the affected software and the local attack vector, with no user interaction required and low privileges need...

5.3 CVSS, 7.6 AI score, 0.00073 EPSS
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2025/07/10 6:28 p.m., 1 views

CVE-2025-53549 Matrix Rust SDK allows SQL injection in the EventCache implementation

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

7.7 CVSS, 8.6 AI score, 0.00173 EPSS
Exploits: 0, References: 4

OSV
added 2025/06/27 12:17 p.m., 1 views

SUSE-SU-2025:01456-2 Security update for sqlite3

This update for sqlite3 fixes the following issues:
- CVE-2025-29087, CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc1241078)
Other fixes:
- Updated to version 3.49.1 from Factory...

9.8 CVSS, 7.3 AI score, 0.00107 EPSS
Exploits: 0, References: 7

SUSE Linux
added 2025/06/27 12:16 p.m., 3 views

Security update for sqlite3

This update for sqlite3 fixes the following issues:
- CVE-2025-3277, CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc1241078)
Other fixes:
- Updated to version 3.49.1 from Factory...

8.5 CVSS, 7.6 AI score, 0.00107 EPSS
Exploits: 0, References: 14

Fedora
added 2025/06/25 1:43 a.m., 5 views

[SECURITY] Fedora 41 Update: atuin-18.3.0-4.fc41

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

8.8 CVSS, 7.4 AI score, 0.00151 EPSS
Exploits: 1

Fedora
added 2025/06/25 1:19 a.m., 3 views

[SECURITY] Fedora 42 Update: atuin-18.3.0-4.fc42

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

8.8 CVSS, 7.4 AI score, 0.00151 EPSS
Exploits: 1

Vulnrichment
added 2025/06/04 7:31 p.m., 6 views

CVE-2025-48935 Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write database permission check by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...

6.9 CVSS, 7.1 AI score, 0.00349 EPSS
Exploits: 1, References: 2

SUSE Linux
added 2025/05/31 12:59 a.m., 1 views

Security update for sqlite3

This update for sqlite3 fixes the following issues:
- CVE-2025-29087, CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc1241078)
Other fixes:
- Updated to version 3.49.1 from Factory...

8.5 CVSS, 7.6 AI score, 0.00107 EPSS
Exploits: 0, References: 14

GitHub Security Blog
added 2025/05/29 5:27 p.m., 18 views

Navidrome allows SQL Injection via role parameter

🛡 Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2. Overview: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized...

9.8 CVSS, 8.4 AI score, 0.00489 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/05/29 5:27 p.m., 2 views

GHSA-5WGP-VJXM-3X2R Navidrome allows SQL Injection via role parameter

🛡 Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2. Overview: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized...

9.3 CVSS, 8.4 AI score, 0.00489 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/05/27 6:31 p.m., 11 views

CVE-2025-5154

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...

4.6 CVSS, 6.9 AI score, 0.00052 EPSS
Exploits: 1, References: 1

NVD
added 2025/05/25 7:15 p.m., 5 views

CVE-2025-5154

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...

4.6 CVSS, 0.00052 EPSS
Exploits: 1, References: 5

OSV
added 2025/05/25 7:15 p.m., 1 views

CVE-2025-5154

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...

4.4 CVSS, 4.7 AI score, 0.00052 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/05/25 6:31 p.m., 19 views

CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...

4.6 CVSS, 3.7 AI score, 0.00052 EPSS
Exploits: 1, References: 5

CVE
added 2025/05/25 6:31 p.m., 45 views

CVE-2025-5154

The CVE-2025-5154 entry applies to the PhonePe App (Android) version 25.03.21.0. The vulnerability resides in the SQLite Database component, specifically within app-private data at /data/data/com.phonepe.app/databases/, where sensitive data is stored in plaintext. This cleartext storage allows a ...

4.6 CVSS, 3.8 AI score, 0.00052 EPSS
Exploits: 1, References: 5, Affected Software: 1