Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/23 8:40 p.m.7 views

com.github.wjw465150:erupt-dsl (>=1.10.1 <=1.10.15), io.gitee.ank_code:ak-admin-bas (>=0.1 <=0.11) +18 more potentially affected by CVE-2026-4594 via xyz.erupt:erupt-jpa (>=1.10.beta <=1.12.9)

xyz.erupt:erupt-jpa MAVEN version =1.10.beta, =1.10.1, =0.1, =0.1, =0.1, =0.1, =0.1, =1.12.0, =1.12.20, =1.10.13, =1.10.8, =1.12.21, =1.11.7, =1.10.0-beta, =1.10.0-beta, =1.12.23 and more Source cves: CVE-2026-4594 Source advisory: SNYK:JAVA-XYZERUPT-15812216...

7.5CVSS7.1AI score0.00254EPSS
Exploits0
Snyk
Snyk
added 2026/03/23 8:40 p.m.2 views

SQL Injection: Hibernate

Overview Affected versions of this package are vulnerable to SQL Injection: Hibernate via the geneEruptHqlOrderBy function. An attacker can execute arbitrary SQL commands by manipulating the sort.field argument remotely. Remediation Upgrade xyz.erupt:erupt-jpa to version 1.13.1 or higher...

7.5CVSS7.9AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 2026/03/23 6:16 p.m.3 views

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 5:41 p.m.4 views

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/23 5:41 p.m.27 views

CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 5:41 p.m.3 views

CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/03/23 5:41 p.m.8 views

CVE-2026-4594

The vulnerability CVE-2026-4594 affects the product family erupt (up to version 1.13.3). The issue is in the component erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java, specifically the function geneEruptHqlOrderBy, where manipulation of the sort.field argument leads to a S...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

ERUPT 安全漏洞

ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Versions of ERUPT prior to 1.13.3 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the sort.field parameter in the...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27166

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References5
Rows per page
Query Builder