CVE-2026-21696

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

CVE-2026-21696

Wings (Pterodactyl) security issue CVE-2026-21696 affects version 1.7.0 through before 1.12.0. The bug arises from not honoring SQLite’s max parameter limit (32766) when deleting activity log entries, causing a query to fail with “too many SQL variables.” As a result, processed activity entries a...

CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838

CVE-2026-23838 affects Tandoor Recipes when installed via Nix and using the default configuration with SQLite and default MEDIA_ROOT. Versions 23.05 through 26.04 (prior to 26.05) are vulnerable because the NixOS module sets the working directory and MEDIA_ROOT to /var/lib/tandoor-recipes, causin...

EUVD-2026-3303

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

Wings Resource Management Error Vulnerability

Wings is the server control interface for Pterodactyl Panel. In versions 1.7.0 to 1.12.0 of Wings, there was a resource management vulnerability. This vulnerability stemmed from not considering the maximum parameter limits of SQLite, which could lead to exhaustion of the database server’s disk...

PT-2026-3490

Name of the Vulnerable Software and Affected Versions Wings versions 1.7.0 through 1.11.9 Description Wings, the server control plane for Pterodactyl, is affected by an issue where it does not account for SQLite’s maximum parameter limit when handling activity log entries. This allows a...

PT-2026-3477

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIA ROOT, the full database file may be externally...

MiracleLinux 4 : sqlite-3.6.20-1.el6_7.2 (AXSA:2015-444:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-444:01 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The A...

sql-injection-practice

Proyecto: Inyección SQL – Blue Team Descripción del proyecto Est...

[SECURITY] Fedora 42 Update: coturn-4.7.0-4.fc42

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

MiracleLinux 7 : sqlite-3.7.17-8.1.0.1.el7.AXS7 (AXSA:2025-10767:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10767:03 advisory. CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available. CVEs:...

MiracleLinux 8 : mingw-sqlite-3.26.0.0-2.el8_10 (AXSA:2025-10765:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10765:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : sqlite-3.34.1-9.el9_7 (AXSA:2025-11450:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11450:04 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : nodejs:22 (AXSA:2025-10673:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10673:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...