Lucene search
+L

950 matches found

Packet Storm
Packet Storm
added 2025/12/04 12:0 a.m.172 views

📄 Microsoft Windows 11 Build 10.0.27898.1000 AiRegistrySync Bypass / Privilege Escalation

Microsoft Windows 11 build 10.0.27898.1000 Metasploit module designed to achieve local privilege escalation on Windows 10/11 by targeting a vulnerability misconfiguration in the AiRegistrySync service...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2025/12/03 12:0 a.m.221 views

📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass

This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/02 9:26 p.m.10 views

CVE-2025-62728

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS8.2AI score0.00343EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/28 12:0 a.m.8 views

Apache Hive SQL Injection Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...

5.4CVSS7.7AI score0.00343EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/11/26 9:40 a.m.9 views

com.expediagroup:drone-fly-app (=1.0.9), org.apache.hive:hive-beeline (>=4.0.0 <=4.1.0) +3 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-standalone-metastore-server (>=4.0.0-alpha-1 <=4.1.0)

org.apache.hive:hive-standalone-metastore-server MAVEN version =4.0.0-alpha-1, =4.0.0, =4.0.0, =4.1.0 - org.apache.hive:hive-metastore-packaging =4.1.0 - org.apache.hive:hive-standalone-metastore-rest-catalog =4.1.0 Source cves: CVE-2025-62728 Source advisory: SNYK:JAVA-ORGAPACHEHIVE-14136073...

5.4CVSS7.2AI score0.00343EPSS
Exploits0
Snyk
Snyk
added 2025/11/26 9:40 a.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the processing of delete column statistics requests through the HMS Thrift APIs. An attacker can execute arbitrary SQL commands by sending specially crafted requests to the affected API endpoints. This is only...

7.5CVSS8.3AI score0.00343EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/11/26 9:31 a.m.7 views

io.github.linghengqian:hive-server2-jdbc-driver-thin (=2.0.0), nl.basjes.parse.useragent:yauaa-hive (=7.32.0) +32 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-common (=4.1.0)

org.apache.hive:hive-common MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-common and may be impacted: - io.github.linghengqian:hive-server2-jdbc-driver-thin =2.0.0 - nl.basjes.parse.useragent:yauaa-hive =7.32...

5.4CVSS7.2AI score0.00343EPSS
Exploits0
OSV
OSV
added 2025/11/26 9:31 a.m.3 views

GHSA-932V-X9X2-VQ29 Hive Metastore Server is vulnerable to SQL Injection

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

8.6CVSS8.1AI score0.00343EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/11/26 9:31 a.m.6 views

org.apache.hive.hcatalog:hive-hcatalog-core (=4.1.0), org.apache.hive.hcatalog:hive-hcatalog-pig-adapter (=4.1.0) +10 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-metastore (=4.1.0)

org.apache.hive:hive-metastore MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-metastore and may be impacted: - org.apache.hive.hcatalog:hive-hcatalog-core =4.1.0 -...

5.4CVSS7.2AI score0.00343EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/11/26 9:31 a.m.11 views

Hive Metastore Server is vulnerable to SQL Injection

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS8.3AI score0.00343EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2025/11/26 9:15 a.m.14 views

CVE-2025-62728

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS0.00343EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/26 8:45 a.m.1 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

7.8AI score0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/26 8:45 a.m.16 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 8:45 a.m.5 views

EUVD-2025-199715

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

7.6AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2025/11/26 8:45 a.m.6 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS7.2AI score0.00343EPSS
Exploits0References5
CVE
CVE
added 2025/11/26 8:45 a.m.29 views

CVE-2025-62728

CVE-2025-62728 (Apache Hive) : SQL injection in the Hive Metastore Server (HMS) when handling delete column statistics via Thrift APIs. Exploitation is limited to trusted/authorized callers with direct Thrift access; in typical deployments HMS is not publicly exposed and the issue is mitigated if...

5.4CVSS7.8AI score0.00343EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.8 views

PT-2025-48132

Name of the Vulnerable Software and Affected Versions Apache Hive versions 4.1.0 through 4.2.0 Description A SQL injection issue exists in the Hive Metastore Server HMS when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...

5.4CVSS7.7AI score0.00343EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.8 views

Apache Hive SQL注入漏洞

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...

5.4CVSS7.6AI score0.00343EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/22 12:33 p.m.11 views

CVE-2025-66087

Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through = 2.1.12...

4.3CVSS7AI score0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/21 12:29 p.m.5 views

CVE-2025-66087 WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through = 2.1.12...

4.3CVSS6.6AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder