4778 matches found

Tenable Nessus
added 2025/10/30 12:0 a.m. | 2 views

FreeBSD : SQLite -- CWE-190 Integer Overflow or Wraparound (c5889223-b4e1-11f0-ae9b-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c5889223-b4e1-11f0-ae9b-b42e991fc52e advisory. https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g reports: An integer...

CVSS 6.9 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | References: 3

vulnersOsv
added 2025/10/29 10:21 p.m. | 2 views

freiburg-ris-ca (=0.1.0), katalyst (=0.9.1) +2 more potentially affected by CVE-2025-64104 via langgraph-checkpoint-sqlite (>=1.0.4 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-64104 Source advisory: OSV:GHSA-7P73-8JQX-23R8...

CVSS 7.3 | AI score 7.1 | EPSS 0.00039
Exploits: 0

OSV
added 2025/10/29 10:21 p.m. | 2 views

GHSA-7P73-8JQX-23R8 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

Summary: LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details: /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...

CVSS 7.3 | AI score 7.2 | EPSS 0.00039
Exploits: 0 | References: 4

Github Security Blog
added 2025/10/29 10:21 p.m. | 8 views

LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

Summary: LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details: /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...

CVSS 7.3 | AI score 8.3 | EPSS 0.00039
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/10/29 10:21 p.m. | 1 view

EUVD-2025-36720

LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore...

CVSS 7.3 | AI score 7.5 | EPSS 0.00039
Exploits: 0 | References: 3

NVD
added 2025/10/29 7:15 p.m. | 1 view

CVE-2025-64104

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3 | EPSS 0.00039
Exploits: 0 | References: 2

Cvelist
added 2025/10/29 6:55 p.m. | 5 views

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3 | EPSS 0.00039
Exploits: 0 | References: 2

CVE
added 2025/10/29 6:55 p.m. | 8 views

CVE-2025-64104

LangGraph SQLite Checkpoint (SqliteStore) has a SQL injection vulnerability due to direct string concatenation when building JSON path-based filters. Effective prior to version 2.0.11, this flaw could allow attackers with local privileges to inject arbitrary SQL and bypass access controls. The is...

CVSS 7.3 | AI score 7.7 | EPSS 0.00039
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/29 6:55 p.m. | 1 view

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3 | AI score 7.7 | EPSS 0.00039
Exploits: 0 | References: 2

OSV
added 2025/10/29 6:55 p.m. | 1 view

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3 | AI score 8.2 | EPSS 0.00039
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/29 9:26 a.m. | 5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.27 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVSS 9.8 | AI score 6.9 | EPSS 0.01777
Exploits: 5 | References: 8

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Siemens SIMATIC Devices Use After Free (CVE-2024-0232)

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. This...

CVSS 5.5 | AI score 6.2 | EPSS 0.00018
Exploits: 1 | References: 8

CNNVD
added 2025/10/29 12:0 a.m. | 1 view

langchainlanggraph-checkpoint-sqlite SQL Injection Vulnerability

langchainlanggraph-checkpoint-sqlite is an open source database connectivity Python library from LangChain. An SQL injection vulnerability exists in langchainlanggraph-checkpoint-sqlite versions prior to 2.0.11, which stems from the use of a direct string concatenation that is not properly...

CVSS 7.3 | AI score 7.8 | EPSS 0.00039
Exploits: 0 | References: 3

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Siemens SIMATIC Devices Heap-based Buffer Overflow (CVE-2023-7104)

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a...

CVSS 7.3 | AI score 5.8 | EPSS 0.00133
Exploits: 1 | References: 8

Tenable Nessus
added 2025/10/29 12:0 a.m. | 1 view

FreeBSD : SQLite -- Integer Overflow vulnerability (2cd61f76-b41b-11f0-bf21-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2cd61f76-b41b-11f0-bf21-b42e991fc52e advisory. http://sqlite3.com reports: Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote...

AI score 6.5 | EPSS 0.00047
Exploits: 0 | References: 3

SUSE CVE
added 2025/10/28 12:24 a.m. | 1 view

SUSE CVE-2025-52099

DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-29088. Reason: This record is a duplicate of CVE-2025-29088. Notes: All CVE users should reference CVE-2025-29088 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...

AI score 6.6 | EPSS 0.00047
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/27 8:41 a.m. | 1 view

CVE-2025-8709

A SQL injection vulnerability exists in LangGraph’s SQLite store implementation due to improper string concatenation when building filter conditions in the getfiltercondition function. The JSON key portion of the jsonextract path is directly concatenated into SQL statements without sanitization o...

CVSS 7.3 | AI score 7.9 | EPSS 0.00018
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/27 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-52099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function CVE-2025-52099...

AI score 6.7 | EPSS 0.00047
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/27 12:0 a.m. | 4 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-47692)

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0. When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user to return ZERO_SIZE_PTR. When we access the name.data that has been...

CVSS 6.5 | AI score 6.2 | EPSS 0.00112
Exploits: 0 | References: 5

Snyk
added 2025/10/26 6:48 a.m. | 3 views

SQL Injection

Overview: langgraph-checkpoint-sqlite is a library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via improper handling of filter $eq, $ne, $gt, $lt, $gte, $lte operators in the LangGraph SQLite store implementation. An...

CVSS 8.2 | AI score 7.9 | EPSS 0.00039
Exploits: 0 | References: 2