Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-4593

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS6.2AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/23 8:40 p.m.2 views

SQL Injection: Hibernate

Overview Affected versions of this package are vulnerable to SQL Injection: Hibernate via the geneEruptHqlOrderBy function. An attacker can execute arbitrary SQL commands by manipulating the sort.field argument remotely. Remediation Upgrade xyz.erupt:erupt-jpa to version 1.13.1 or higher...

7.5CVSS7.9AI score0.00254EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/23 8:40 p.m.7 views

com.github.wjw465150:erupt-dsl (>=1.10.1 <=1.10.15), io.gitee.ank_code:ak-admin-bas (>=0.1 <=0.11) +18 more potentially affected by CVE-2026-4594 via xyz.erupt:erupt-jpa (>=1.10.beta <=1.12.9)

xyz.erupt:erupt-jpa MAVEN version =1.10.beta, =1.10.1, =0.1, =0.1, =0.1, =0.1, =0.1, =1.12.0, =1.12.20, =1.10.13, =1.10.8, =1.12.21, =1.11.7, =1.10.0-beta, =1.10.0-beta, =1.12.23 and more Source cves: CVE-2026-4594 Source advisory: SNYK:JAVA-XYZERUPT-15812216...

7.5CVSS7.1AI score0.00254EPSS
Exploits0
Snyk
Snyk
added 2026/03/23 6:42 p.m.2 views

SQL Injection: Hibernate

Overview Affected versions of this package are vulnerable to SQL Injection: Hibernate in the EruptDataQuery function of the MCP Tool Interface. An attacker can execute unauthorized SQL commands by manipulating input data processed by the application. Remediation Upgrade xyz.erupt:erupt-ai to...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/23 6:42 p.m.4 views

xyz.erupt:erupt-sample (>=1.13.2 <=1.13.3) potentially affected by CVE-2026-4593 via xyz.erupt:erupt-ai (>=1.13.2 <=1.13.3)

xyz.erupt:erupt-ai MAVEN version =1.13.2, =1.13.2, =1.13.3 Source cves: CVE-2026-4593 Source advisory: SNYK:JAVA-XYZERUPT-15812217...

6.5CVSS6.5AI score0.00192EPSS
Exploits0
EUVD
EUVD
added 2026/03/23 6:30 p.m.5 views

EUVD-2026-14475

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/23 6:30 p.m.3 views

EUVD-2026-14473

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS6.2AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/03/23 6:16 p.m.2 views

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 5:41 p.m.4 views

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/23 5:41 p.m.27 views

CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 5:41 p.m.3 views

CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 5:41 p.m.8 views

CVE-2026-4594

The vulnerability CVE-2026-4594 affects the product family erupt (up to version 1.13.3). The issue is in the component erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java, specifically the function geneEruptHqlOrderBy, where manipulation of the sort.field argument leads to a S...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
NVD
NVD
added 2026/03/23 5:16 p.m.4 views

CVE-2026-4593

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS0.00192EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 4:55 p.m.1 views

CVE-2026-4593 erupts erupt MCP Tool EruptDataQuery.java EruptDataQuery sql injection

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS6.2AI score0.00192EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/23 4:55 p.m.28 views

CVE-2026-4593 erupts erupt MCP Tool EruptDataQuery.java EruptDataQuery sql injection

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS0.00192EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 4:55 p.m.1 views

CVE-2026-4593

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS6.2AI score0.00192EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/23 4:55 p.m.10 views

CVE-2026-4593

CVE-2026-4593 describes a SQL injection in the EruptDataQuery function (erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java) within the MCP Tool Interface of erupts erupt bis 1.13.3. The issue arises from a manipulation that enables remote exploitation via a crafted input, with the ...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27150

A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate. It is possible to...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.7 views

ERUPT 安全漏洞

ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Version 1.13.3 of ERUPT contains a security vulnerability. This vulnerability stems from incorrect operations on the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java in the MCP Tool...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References4
Rows per page
Query Builder