
22 matches found

RedhatCVE
added 2026/01/20 6:18 p.m., 2 views

CVE-2026-23838

Tandoor Recipes is a recipe manager that can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIA_ROOT, the full database file may be externally...

CVSS 8.7, AI score 5.6, EPSS 0.00164
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-23567

Malicious code in bioql PyPI...

CVSS 10, AI score 6.3, EPSS 0.00395
Exploits: 0, References: 4
Tenable Nessus
added 2025/08/13 12:0 a.m., 6 views

EulerOS 2.0 SP11 : sqlite (EulerOS-SA-2025-1969)

According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service application crash. A...

CVSS 5.6, AI score 6.4, EPSS 0.00039
Exploits: 0, References: 2
Github Security Blog
added 2025/08/04 3:12 p.m., 3 views

The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...

CVSS 10, AI score 7.7, EPSS 0.00395
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2025/08/04 3:12 p.m., 2 views

GHSA-VF2R-CXG9-P7RF The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...

CVSS 10, AI score 7.2, EPSS 0.00395
Exploits: 0, References: 6
GitLab Advisory Database
added 2025/08/04 12:0 a.m., 8 views

The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...

CVSS 10, AI score 7.7, EPSS 0.00395
Exploits: 0, References: 7, Affected Software: 1
Veracode
added 2025/02/11 10:55 a.m., 11 views

Path Traversal

github.com/clidey/whodb/core is vulnerable to Path Traversal. The vulnerability is due to improper path validation due to the lack of checks when joining user-controlled database file names with the default directory, allowing an attacker to use path traversal ../../ to access any Sqlite3 databas...

CVSS 10, AI score 9.4, EPSS 0.51816
Exploits: 1, References: 6, Affected Software: 1
RedhatCVE
added 2025/02/08 7:21 p.m., 5 views

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVSS 10, AI score 6.8, EPSS 0.51816
Exploits: 1, References: 1
OSV
added 2025/02/07 10:47 p.m., 9 views

GO-2025-3456 WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core

WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core...

CVSS 10, AI score 9.4, EPSS 0.51816
Exploits: 1, References: 5
OSV
added 2025/02/06 7:58 p.m., 11 views

GHSA-9R4C-JWX3-3J76 WhoDB has a path traversal opening Sqlite3 database

Summary: While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details: WhoDB allows use...

CVSS 10, AI score 9.3, EPSS 0.51816
Exploits: 1, References: 6
Github Security Blog
added 2025/02/06 7:58 p.m., 23 views

WhoDB has a path traversal opening Sqlite3 database

Summary: While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Details: WhoDB allows use...

CVSS 10, AI score 6.8, EPSS 0.51816
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2025/02/06 7:15 p.m., 14 views

CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVSS 10, EPSS 0.51816
Exploits: 1, References: 3
Cvelist
added 2025/02/06 6:41 p.m., 20 views

CVE-2025-24786 Path traversal opening Sqlite3 database in WhoDB

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory /db, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the applicati...

CVSS 10, EPSS 0.51816
Exploits: 1, References: 3
CVE
added 2025/02/06 6:41 p.m., 108 views

CVE-2025-24786

WhoDB (CVE-2025-24786) contains a path-traversal vulnerability in the SQLite3 access logic. The app exposes databases that may be opened via a user-supplied filename, constructing a path with a default directory (/db or ./tmp in dev) and using .Join() without validating that the path stays within...

CVSS 10, AI score 9.5, EPSS 0.51816
Exploits: 1, References: 3, Affected Software: 1
CNVD
added 2022/03/14 12:0 a.m., 12 views

FreeTAKServer-UI SQL Injection Vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team. FreeTAKServer-UI is vulnerable to SQL injection, which stems from the API endpoint /AuthenticateUser containing SQL injection into the SQLite3 database, which can be exploited by an attacker to obtain the database All...

CVSS 6.5, AI score 2.7, EPSS 0.00238
Exploits: 1, References: 1
Metasploit
added 2019/11/09 3:9 p.m., 90 views

Android Gather Dump Password Hashes for Android Systems

Post Module to dump the password hashes for Android System. Root is required. To perform this operation, two things are needed. First, a password.key file is required as this contains the hash but no salt. Next, a sqlite3 database is needed with supporting files to pull the salt from. Combined,...

AI score 7.5
Exploits: 0
exploitpack
added 2019/11/06 12:0 a.m., 40 views

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass

Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass; Author: LiquidWorm; Date: 2019-11-05; Vendor: Smartwares; Product web page: https://www.smartwares.eu; Affected version: =1.0.9; Advisory ID: ZSL-2019-5540...

AI score 0.6
Exploits: 0
Zero Science Lab
added 2019/11/05 12:0 a.m., 240 views

Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass

Summary: Home Easy/Smartwares are a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is very simple to set up and allows you to operate your electrical equipment like lighting, appliances, heating etc. Description: HOME easy suffers from...

CVSS 9.8, AI score 5.8, EPSS 0.00323
Exploits: 1
Kitploit
added 2019/09/17 8:0 p.m., 135 views

Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server

Aura Botnet C2 Server The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained...

AI score 7.3
Exploits: 0, References: 5
Exploit DB
added 2018/08/27 12:0 a.m., 45 views

Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection

Seagate Media Server multiple SQL injection vulnerabilities. Yorick Koster, September 2017...

AI score 7.4
Exploits: 0