CVE-2026-50813
- EPSS 0.11%
- Veröffentlicht 08.07.2026 00:00:00
- Zuletzt bearbeitet 08.07.2026 20:16:52
An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path
CVE-2026-50812
- EPSS 0.11%
- Veröffentlicht 08.07.2026 00:00:00
- Zuletzt bearbeitet 08.07.2026 20:16:51
A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqli...
CVE-2026-11824
- EPSS 0.18%
- Veröffentlicht 09.06.2026 19:21:42
- Zuletzt bearbeitet 11.06.2026 17:12:11
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata...
CVE-2026-11822
- EPSS 0.18%
- Veröffentlicht 09.06.2026 19:08:31
- Zuletzt bearbeitet 11.06.2026 17:12:47
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 p...
CVE-2025-70873
- EPSS 0.3%
- Veröffentlicht 12.03.2026 00:00:00
- Zuletzt bearbeitet 16.04.2026 21:15:47
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
CVE-2025-57141
- EPSS 0.71%
- Veröffentlicht 08.09.2025 00:00:00
- Zuletzt bearbeitet 12.09.2025 20:57:24
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
CVE-2025-7458
- EPSS 0.23%
- Veröffentlicht 29.07.2025 12:43:19
- Zuletzt bearbeitet 11.08.2025 19:11:30
An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from proces...
CVE-2025-6965
- EPSS 73.5%
- Veröffentlicht 15.07.2025 13:44:00
- Zuletzt bearbeitet 26.06.2026 16:36:04
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
CVE-2025-3277
- EPSS 0.72%
- Veröffentlicht 14.04.2025 16:50:48
- Zuletzt bearbeitet 18.08.2025 21:28:16
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a...
CVE-2025-29088
- EPSS 0.18%
- Veröffentlicht 10.04.2025 14:15:27
- Zuletzt bearbeitet 30.09.2025 16:59:27
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocation...