8 matches found

NVD
added 2 days ago, 11 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

CVSS 8.7, EPSS 0.00564
Exploits: 0, References: 4
OSV
added 2026/01/09 4:16 p.m., 6 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 2
Positive Technologies
added 2026/01/09 12:00 a.m., 20 views

PT-2026-1876

Name of the Vulnerable Software and Affected Versions: TIM BPM Suite/ TIM FLOW versions through 9.1.2. Description: The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...

CVSS 5.4, AI score 6.9, EPSS 0.00195
Exploits: 0, References: 6
CNNVD
added 2026/01/09 12:00 a.m., 3 views

TIM BPM Suite and TIM FLOW Security Vulnerability

TIM BPM Suite and TIM FLOW are both business process management software from TIM Germany. A security vulnerability exists in TIM BPM Suite and TIM FLOW versions 9.1.2 and earlier, which stems from Hibernate query language injection and could lead to information disclosure...

CVSS 5.4, AI score 6.8, EPSS 0.00195
Exploits: 0, References: 3
CVE
added 2026/01/09 12:00 a.m., 11 views

CVE-2025-67280

TIM BPM Suite and TIM FLOW

CVSS 5.4, AI score 6.8, EPSS 0.00195
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/01/09 12:00 a.m., 23 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

EPSS 0.00195
Exploits: 0, References: 2
Cvelist
added 2023/02/20 12:00 a.m., 14 views

CVE-2023-26093

Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter...

AI score 9.6, EPSS 0.00861
Exploits: 0, References: 2
CNVD
added 2017/05/13 12:00 a.m., 1 view

Hibernate SQL Injection Vulnerability in Electric Power Safety Supervision Information System

Electric Power Safety Supervision Information System is an electric power safety management system of Guodian Ruichi Vision Information Technology Co. There is a Hibernate SQL injection vulnerability in the power security monitoring system, by entering ' and 1=1, password arbitrary, and combining...

AI score 8.1
Exploits: 0