CVE-2025-14815 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

SQL Injection

Overview drizzle-orm is a Drizzle ORM package for SQL databases Affected versions of this package are vulnerable to SQL Injection through the escapeName handling in the PostgreSQL, SQLite, and SingleStore dialects. An attacker can inject arbitrary SQL by supplying a malicious identifier to...

GHSA-GPJ5-G38J-94V9 Drizzle ORM has SQL injection via improperly escaped SQL identifiers

Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...

Drizzle ORM has SQL injection via improperly escaped SQL identifiers

Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...

SQLite 3.50.1 - Heap Overflow

Exploit Title: SQLite 3.50.1 - Heap Overflow Date: 2025-11-05 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.sqlite.org Software Link: https://www.sqlite.org/download.html Version: SQLite 3.50....

@fedify/botkit (>=0.4.0-dev.177 <=0.4.0-dev.181), @fedify/botkit-sqlite (>=0.4.0-dev.177 <=0.4.0-dev.181) potentially affected by CVE-2026-34148 via @fedify/fedify (=1.10.0)

@fedify/fedify NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.177, =0.4.0-dev.177, =0.4.0-dev.181 Source cves: CVE-2026-34148 Source advisory: OSV:GHSA-GM9M-GWC4-HWGP...

@fedify/botkit (>=0.4.0-dev.182 <=0.4.0-dev.183), @fedify/botkit-sqlite (>=0.4.0-dev.182 <=0.4.0-dev.183) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (>=2.0.0 <=2.0.7)

@fedify/fedify NPM version =2.0.0, =0.4.0-dev.182, =0.4.0-dev.182, =2.0.0, =2.0.16 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYFEDIFY-15928876...

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (=2.1.0)

@fedify/fedify NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 Source cves: CVE-2026-34148 Source advisory:...

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (=2.1.0)

@fedify/vocab-runtime NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/vocab-runtime and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 - @fedify/fedify =2.1.0 -...

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (=2.1.0)

@fedify/vocab-runtime NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/vocab-runtime and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 - @fedify/fedify =2.1.0 -...

@fedify/botkit (>=0.4.0-dev.182 <=0.4.0-dev.183), @fedify/botkit-sqlite (>=0.4.0-dev.182 <=0.4.0-dev.183) +5 more potentially affected by CVE-2026-34148 via @fedify/vocab-runtime (>=2.0.0-dev.100 <=2.0.7)

@fedify/vocab-runtime NPM version =2.0.0-dev.100, =0.4.0-dev.182, =0.4.0-dev.182, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.16 Source cves: CVE-2026-34148 Source advisory: SNYK:JS-FEDIFYVOCABRUNTIME-15928877...

@fedify/botkit (>=0.4.0-dev.184 <=0.4.0-dev.185), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.4.0-dev.185) +1 more potentially affected by CVE-2026-34148 via @fedify/fedify (=2.1.0)

@fedify/fedify NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.184, =0.4.0-dev.184, =0.4.0-dev.185 - @fedify/cli =2.1.0 Source cves: CVE-2026-34148 Source advisory:...

@fedify/botkit (>=0.4.0-dev.177 <=0.4.0-dev.181), @fedify/botkit-sqlite (>=0.4.0-dev.177 <=0.4.0-dev.181) potentially affected by CVE-2026-34148 via @fedify/fedify (=1.10.0)

@fedify/fedify NPM version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @fedify/fedify and may be impacted: - @fedify/botkit =0.4.0-dev.177, =0.4.0-dev.177, =0.4.0-dev.181 Source cves: CVE-2026-34148 Source advisory:...

Photon OS 5.0: Sqlite PHSA-2026-5.0-0802

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0802. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Sqlite PHSA-2026-4.0-0989

An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0989. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

EUVD-2026-17293

SciTokens is vulnerable to SQL Injection in KeyCache...

SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

SQL Injection

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to SQL Injection via the KeyCache class. An attacker can execute arbitrary SQL commands against the local SQLite database by supplying crafted input to parameters such as issuer and...

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

Important Photon OS Security Update - PHSA-2026-4.0-0989

Updates of 'sqlite' packages of Photon OS have been released...