CVE-2025-1386 - Exploiting Query Smuggling in ch-go via Malicious External Data
Introduction
In June 2025, a critical security vulnerability was uncovered in the popular Go client library, ch-go, used to communicate with ClickHouse databases. Catalogued as
CVE-2025-24375 - Critical Credential Disclosure in Charmed MySQL K8s Operator
A recent vulnerability tracked as CVE-2025-24375 was discovered in the Charmed MySQL Kubernetes (K8s) Operator, which is a popular Charmed Operator for managing MySQL clusters
CVE-2025-25226 - SQL Injection Vulnerability in quoteNameStr — Risks When Extending the Database Package
*Published: 2024-06-15*
Summary:
A recently disclosed vulnerability, CVE-2025-25226, reveals how improper handling of SQL identifiers in the quoteNameStr method of a popular database package can
CVE-2025-29087 - Exploiting an Out-of-Bounds Write in SQLite's concat_ws() - PoC and Analysis
*Posted on June 21, 2024 by infosec_vault*
What is CVE-2025-29087?
CVE-2025-29087 is a newly disclosed vulnerability in SQLite affecting versions 3.44. through 3.
CVE-2025-30473 - SQL Injection Flaw in Apache Airflow Common SQL Provider Can Lead to Privilege Escalation
A new security vulnerability, CVE-2025-30473, was discovered in the Apache Airflow Common SQL Provider (versions before 1.24.1). This flaw allows authenticated users to