4769 matches found
ROS-20260320-73-0002
A vulnerability in the command line interface of the SQLite database management system is associated with errors in the implementation of the azAllowedFunctions protection mechanism. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to prohibited user functions...
Cockpit < 2.13.5 SQLi (GHSA-7x5c-vfhj-9628)
The version of Cockpit CMS running on the remote web server is prior to 2.13.5. It is, therefore, affected by a SQL injection vulnerability in the MongoLite Aggregation Optimizer. - An unsanitized field name in the toJsonExtractRaw method in lib/MongoLite/Aggregation/Optimizer.php allows an...
CVE-2026-32763 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 have a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
CVE-2026-32763
Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 have a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path...
CVE-2026-32763
Summary: CVE-2026-32763 affects Kysely up to v0.28.11, where the JSON path compilation in the MySQL/SQLite dialects is vulnerable. The root cause is that visitJSONPathLeg() appends user-controlled values from .key() and .at() directly into single-quoted JSON path literals ('$.key') without escapi...
SUSE-SU-2026:20794-1 Security update for sqlite3
This update for sqlite3 fixes the following issues: Update to version 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: Update to version 3.51.3: Fix the...
GHSA-WMRF-HV6W-MR66 SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Summary: Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...
SQL Injection via unsanitized JSON path keys when ignoring/silencing compilation errors or using `Kysely<any>`.
Summary: Kysely through 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function appends user-controlled values from .key and .at directly into single-quoted JSON path string literals '$.key' without escaping single quotes. An...
CVE-2026-31891 Cockpit CMS has SQL Injection in MongoLite Aggregation Optimizer via toJsonExtractRaw()
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...
PT-2026-26090
Name of the Vulnerable Software and Affected Versions: Kysely versions up to and including 0.28.11. Description: Kysely, a type-safe TypeScript SQL query builder, has a SQL injection issue in JSON path compilation for MySQL and SQLite dialects. The visitJSONPathLeg function directly appends...
EulerOS Virtualization 2.12.0 : sqlite (EulerOS-SA-2026-1520)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2026-1520)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2026-1463)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.1 : sqlite (EulerOS-SA-2026-1463)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config in the C-language API can cause a denial of service...
SUSE CVE-2025-70873
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...
CVE-2025-70873
A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive...
Linux Distros Unpatched Vulnerability : CVE-2025-70873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via...
EUVD-2025-208623
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...
DEBIAN-CVE-2025-70873
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...
CVE-2025-70873
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file...