K000152672: SQLite vulnerabilities CVE-2024-0232 and CVE-2025-29088

Security Advisory Description CVE-2024-0232 A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a cras...

CVE-2025-4049

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.This issue affects FARA: through 5.0.80.34...

CVE-2025-4049 Hardcoded SQLite password in FARA

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.This issue affects FARA: through 5.0.80.34...

CVE-2025-4049

CVE-2025-4049 affects SIGNUM-NET FARA (through v5.0.80.34). The vulnerability is due to hard-coded SQLite credentials, enabling unauthorized read and manipulation of the locally stored database. Impact includes high confidentiality, integrity, and availability on affected data when an attacker ca...

CVE-2025-4049 Hardcoded SQLite password in FARA

Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database.This issue affects FARA: through 5.0.80.34...

SQLite Operator-Based SQL Injection Vulnerability in LangGraph

This report is not public...

SIGNUM-NET FARA 信任管理问题漏洞

SIGNUM-NET FARA is a facility management software from SIGNUM-NET Poland. A trust management issue vulnerability exists in SIGNUM-NET FARA version 5.0.80.34 and prior versions, which stems from the use of hard-coded SQLite credentials that could lead to reading and manipulating local databases...

PT-2025-30241 · Unknown · Signum-Net Fara

Name of the Vulnerable Software and Affected Versions: SIGNUM-NET FARA versions through 5.0.80.34 Description: A hard-coded SQLite credential vulnerability exists in SIGNUM-NET FARA, allowing unauthorized read and manipulation of the locally stored database. Recommendations: Versions prior to...

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

SQLite < 3.50.2 Memory Corruption Vulnerability

SQLite is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sqlite:sqlite"; ifdescripti...

SQLite < 3.50.2 Memory Corruption

The version of SQLite installed on the remote host is prior to 3.50.2. It is, therefore, affected by a memory corruption issue. The vulnerability can occur where the number of aggregate terms could exceed the number of columns available, leading to memory corruption. Note that Nessus has not test...

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands...

CVE-2025-6230

CVE-2025-6230 describes a local SQL injection in Lenovo Vantage that could let an attacker modify the local SQLite database and execute limited SQLite commands. Connected documents confirm the affected software and the local attack vector, with no user interaction required and low privileges need...

SUSE CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...

BIT-SQLITE-2025-6965 Integer Truncation on SQLite

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...

Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google on Tuesday revealed that its large language model LLM-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 CVSS score: 7.2, is a memory...

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...

DEBIAN-CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...