950 matches found
📄 Microsoft Windows 11 Build 10.0.27898.1000 AiRegistrySync Bypass / Privilege Escalation
Microsoft Windows 11 build 10.0.27898.1000 Metasploit module designed to achieve local privilege escalation on Windows 10/11 by targeting a vulnerability misconfiguration in the AiRegistrySync service...
📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass
This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...
CVE-2025-62728
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
Apache Hive SQL Injection Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...
com.expediagroup:drone-fly-app (=1.0.9), org.apache.hive:hive-beeline (>=4.0.0 <=4.1.0) +3 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-standalone-metastore-server (>=4.0.0-alpha-1 <=4.1.0)
org.apache.hive:hive-standalone-metastore-server MAVEN version =4.0.0-alpha-1, =4.0.0, =4.0.0, =4.1.0 - org.apache.hive:hive-metastore-packaging =4.1.0 - org.apache.hive:hive-standalone-metastore-rest-catalog =4.1.0 Source cves: CVE-2025-62728 Source advisory: SNYK:JAVA-ORGAPACHEHIVE-14136073...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the processing of delete column statistics requests through the HMS Thrift APIs. An attacker can execute arbitrary SQL commands by sending specially crafted requests to the affected API endpoints. This is only...
io.github.linghengqian:hive-server2-jdbc-driver-thin (=2.0.0), nl.basjes.parse.useragent:yauaa-hive (=7.32.0) +32 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-common (=4.1.0)
org.apache.hive:hive-common MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-common and may be impacted: - io.github.linghengqian:hive-server2-jdbc-driver-thin =2.0.0 - nl.basjes.parse.useragent:yauaa-hive =7.32...
GHSA-932V-X9X2-VQ29 Hive Metastore Server is vulnerable to SQL Injection
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
org.apache.hive.hcatalog:hive-hcatalog-core (=4.1.0), org.apache.hive.hcatalog:hive-hcatalog-pig-adapter (=4.1.0) +10 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-metastore (=4.1.0)
org.apache.hive:hive-metastore MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-metastore and may be impacted: - org.apache.hive.hcatalog:hive-hcatalog-core =4.1.0 -...
Hive Metastore Server is vulnerable to SQL Injection
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
CVE-2025-62728
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
EUVD-2025-199715
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs
SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...
CVE-2025-62728
CVE-2025-62728 (Apache Hive) : SQL injection in the Hive Metastore Server (HMS) when handling delete column statistics via Thrift APIs. Exploitation is limited to trusted/authorized callers with direct Thrift access; in typical deployments HMS is not publicly exposed and the issue is mitigated if...
PT-2025-48132
Name of the Vulnerable Software and Affected Versions Apache Hive versions 4.1.0 through 4.2.0 Description A SQL injection issue exists in the Hive Metastore Server HMS when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...
Apache Hive SQL注入漏洞
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...
CVE-2025-66087
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through = 2.1.12...
CVE-2025-66087 WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through = 2.1.12...