4786 matches found
CVE-2025-4644
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
Linux Distros Unpatched Vulnerability : CVE-2024-7009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unsanitized user-input in Calibre = 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database...
GHSA-26RV-H2HF-3FW4 Payload's SQLite adapter Session Fixation vulnerability
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
Payload's SQLite adapter Session Fixation vulnerability
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
CVE-2025-4644
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
CVE-2025-4644
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
CVE-2025-4644 User Session Fixation after Account Removal in PayloadCMS
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
CVE-2025-4644 User Session Fixation after Account Removal in PayloadCMS
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token JWT, and then delete the account, which did not invalidate the JWT. As a result, the next newly created us...
CVE-2025-4644
CVE-2025-4644 describes a Session Fixation vulnerability in Payload’s SQLite adapter where an attacker could trigger identifier reuse during account creation. The attacker could create an account, store its JWT, delete the account, and later a new user would receive the same identifier, enabling ...
Payload 授权问题漏洞
Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload suffers from an authorization issue vulnerability that stems from SQLite adapters reusing identifiers during account creation, which could lead to a session fixation attack...
PT-2025-35201
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.44.0 Description: A session fixation issue existed in Payload's SQLite adapter due to identifier reuse during account creation. An attacker could create an account, save its JSON Web Token JWT, delete the account,...
[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.x, 6.5.1 and 6.6.0: SC-202508.1
R1 Stand-alone Security Patches Available for Tenable Security Center versions 6.4.x, 6.5.1 and 6.6.0: SC-202508.1 Arnie Cabral Thu, 08/28/2025 - 11:18 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components Apache, PHP, sqlit...
FreeBSD : SQLite -- application crash (6989312e-8366-11f0-9bc6-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6989312e-8366-11f0-9bc6-b42e991fc52e advisory. [email protected] reports: In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3dbconfig in th...
RockyLinux 8 : nodejs:22 (RLSA-2025:11803)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:11803 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note tha...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
PT-2025-34881 · Unknown · Diskover-Web
Name of the Vulnerable Software and Affected Versions: diskover-web version 2.3.0 Description: The application is susceptible to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Improper input validation and parameterization in JSON-based query constructio...
Linux Distros Unpatched Vulnerability : CVE-2023-32697
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. Thi...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
PT-2025-34877 · Readarr · Readarr
Name of the Vulnerable Software and Affected Versions: readarr version 0.4.15.2787 Description: A SQL Injection issue exists in readarr that allows attackers to inject and execute arbitrary SQL commands against the backend SQLite database. The /api/v1/wanted/cutoff API endpoint does not properly...