CLSA-2026-1777052042 sqlite: Fix of CVE-2018-8740

CVE-2018-8740: avoid a NULL pointer dereference when the sqlitemaster schema contains a corrupt CREATE TABLE AS entry...

CVE-2026-40315

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...

sqli

SQL Injection Write-up 🧪 1. Průzkum Do vyhledávacího pole...

CVE-2026-33545

Summary: CVE-2026-33545 affects MobSF before 4.4.6, where read_sqlite() builds SQL queries by interpolating table names from sqlite_master using Python string formatting. This enables attacker-controlled table names to cause a DoS via a PRAGMA table_info() syntax error and, in isolation, SQL inje...

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...