23 matches found

IBM Security Bulletins
added 2026/04/13 3:39 p.m. · 4 views

Security Bulletin: Remediation of Hibernate Vulnerability in IBM Library Support for Hibernate

Summary Hibernate Vulnerability has been addressed in IBM Library Support for Hibernate Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially...

CVSS 8.3 · AI score 5.6 · EPSS 0.00606
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2026/04/10 1:46 p.m. · 8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Hibernate library

Summary Due to use of the Hibernate library, DevOps Test Performance and Rational Performance Tester contain a potential SQL injection vulnerability. CVE-2026-0603 Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could...

CVSS 8.3 · AI score 6 · EPSS 0.00606
Exploits 1 · Affected Software 1

RedHat Linux
added 2026/03/18 1:19 p.m. · 6 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 9.8 · AI score 7.1 · EPSS 0.02772
Exploits 4 · References 13

Tenable Nessus
added 2026/03/18 12:0 a.m. · 1 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:4917)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4917 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8 · AI score 6.9 · EPSS 0.02772
Exploits 4 · References 23

IBM Security Bulletins
added 2026/03/02 6:11 a.m. · 6 views

Security Bulletin: IBM Maximo Application Suite - Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Maximo AI Service uses "torch-2.9.1-cp311-cp311-manylinux_2_28_x86_64.whl, keras-3.12.0-py3-none-any.whl, hibernate-core-6.6.36.Final.jar" dependencies which are vulnerable to "CVE-2025-2998, CVE-2025-2999, CVE-2025-55552, CVE-2025-63396, CVE-2026-0897,...

CVSS 8.3 · AI score 6 · EPSS 0.00606
Exploits 5 · Affected Software 1

Github Security Blog
added 2026/01/23 9:30 a.m. · 5 views

Hibernate vulnerable to SQL Injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

CVSS 8.3 · AI score 6 · EPSS 0.00606
Exploits 1 · References 10 · Affected Software 1

Cvelist
added 2025/11/07 1:8 p.m. · 8 views

CVE-2025-10968 SQLi in GG Soft's PaperWork

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

CVSS 8.8 · EPSS 0.00269
Exploits 0 · References 2

EUVD
added 2025/11/07 1:8 p.m. · 2 views

EUVD-2025-38250

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

CVSS 8.8 · AI score 7.2 · EPSS 0.00269
Exploits 0 · References 2

Positive Technologies
added 2025/11/07 12:0 a.m. · 5 views

PT-2025-45420

Name of the Vulnerable Software and Affected Versions PaperWork versions 6.1.0.9390 through 6.1.0.9397 Description The software contains a flaw due to improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This impacts the application's ability to...

CVSS 8.8 · AI score 5.7 · EPSS 0.00269
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-44261

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.6 · EPSS 0.00351
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:44 a.m. · 9 views

CVE-2024-4658

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0...

CVSS 6.9 · AI score 5.8 · EPSS 0.00351
Exploits 0 · References 1

Cvelist
added 2024/11/21 1:21 p.m. · 18 views

CVE-2024-7026 SQLi in Teknogis Informatics' Closed Circuit Vehicle Tracking Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection. This issue affects Closed Circuit Vehicle Tracking Software: through 21.11.2024. NOTE: The...

CVSS 7.5 · EPSS 0.00613
Exploits 0 · References 2

CVE
added 2024/11/21 1:21 p.m. · 56 views

CVE-2024-7026

CVE-2024-7026 corresponds to an SQL injection vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software. Affected component is the software itself (Closed Circuit Vehicle Tracking Software), with the root cause described as improper neutralization of special elements in SQL c...

CVSS 7.5 · AI score 5.8 · EPSS 0.00613
Exploits 0 · References 2

Vulnrichment
added 2024/11/21 1:21 p.m. · 13 views

CVE-2024-7026 SQLi in Teknogis Informatics' Closed Circuit Vehicle Tracking Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection. This issue affects Closed Circuit Vehicle Tracking Software: through 21.11.2024. NOTE: The...

CVSS 7.5 · AI score 5.8 · EPSS 0.00613
Exploits 0 · References 2

Positive Technologies
added 2024/11/21 12:0 a.m. · 3 views

PT-2024-38034 · Teknogis Informatics · Teknogis Informatics Closed Circuit Vehicle Tracking

Name of the Vulnerable Software and Affected Versions: Teknogis Informatics Closed Circuit Vehicle Tracking Software versions through 21.11.2024 Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL Injection and Blind SQL Injection...

CVSS 7.5 · AI score 8 · EPSS 0.00613
Exploits 0 · References 3

NVD
added 2024/10/10 2:15 p.m. · 25 views

CVE-2024-4658

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0...

CVSS 6.9 · EPSS 0.00351
Exploits 0 · References 2

Vulnrichment
added 2024/10/10 1:38 p.m. · 13 views

CVE-2024-4658 SQLi in TE Informatics' Nova CMS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0...

CVSS 6.9 · AI score 5.8 · EPSS 0.00351
Exploits 0 · References 2

ATTACKERKB
added 2024/08/27 2:15 p.m. · 4 views

CVE-2024-7071

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...

CVSS 9.8 · AI score 5.8 · EPSS 0.00421
Exploits 0 · References 3

OSV
added 2024/08/27 2:15 p.m. · 2 views

CVE-2024-7071

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...

CVSS 9.8 · AI score 5.8 · EPSS 0.00421
Exploits 0 · References 1

NVD
added 2024/08/27 2:15 p.m. · 21 views

CVE-2024-7071

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...

CVSS 9.8 · EPSS 0.00421
Exploits 0 · References 2