MySQL

A remote, anonymous, or authenticated attacker can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.

A JSON-path traversal injection vulnerability exists in Kysely versions prior to 0.28.16, allowing attackers to traverse JSON sub-fields outside the intended scope, potentially leading to unauthorized read and write access to sensitive data in MySQL, PostgreSQL, and SQLite databases due to insufficient sanitization of JSON-path metacharacters in the `JSONPathBuilder.key()` and `.at()` functions.