#sql

### Summary Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. ### Details The problem lies in the way how the expanded javadoc files are served. The `GET /javadoc/{repository}/<gav>/raw/<resource>` route uses the `<resource>` path parameter to find the file in the `javadocUnpackPath` directory and returns it's content to the user. [JavadocFacade.kt#L77](https://github.com/dzikoysk/reposilite/blob/68b73f19dc9811ccf10936430cf17f7b0e622bd6/reposilite-backend/src/main/kotlin/com/reposilite/javadocs/JavadocFacade.kt#L77): ```kotlin fun findRawJavadocResource(request: JavadocRawRequest): Result<JavadocRawResponse, ErrorResponse> = with (request) { mavenFacade.canAccessResource(accessToken, repository, gav) .flatMap { javadocContainerService.loadContainer(accessToken, repository, gav) } .filter({ Files.exists(it.javadocUnpackPath.resolve(resource.toString())) }, { notFound("Resourc...

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

SQLite3 suffers from a stack buffer underflow condition in seriesBestIndex in the generate_series extension.

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.