CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

RedhatCVE•added 2025/12/02 9:26 p.m.•3 views

CVE-2025-62728

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS8.2AI score0.0012EPSS

Exploits0References1

CNVD•added 2025/11/28 12:0 a.m.•5 views

Apache Hive SQL Injection Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...

5.4CVSS7.7AI score0.0012EPSS

Exploits0References1

OSV•added 2025/11/26 9:31 a.m.•2 views

GHSA-932V-X9X2-VQ29 Hive Metastore Server is vulnerable to SQL Injection

8.6CVSS8.1AI score0.0012EPSS

Exploits0References6

OSV•added 2025/11/26 9:15 a.m.•3 views

CVE-2025-62728

5.4CVSS8.1AI score

Exploits0References2

Cvelist•added 2025/11/26 8:45 a.m.•6 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

0.0012EPSS

Exploits0References1

EUVD•added 2025/11/26 8:45 a.m.•1 views

EUVD-2025-199715

7.6AI score0.0012EPSS

Exploits0References2

CVE•added 2025/11/26 8:45 a.m.•15 views

CVE-2025-62728

CVE-2025-62728 (Apache Hive) : SQL injection in the Hive Metastore Server (HMS) when handling delete column statistics via Thrift APIs. Exploitation is limited to trusted/authorized callers with direct Thrift access; in typical deployments HMS is not publicly exposed and the issue is mitigated if...

5.4CVSS7.8AI score0.0012EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/11/26 8:45 a.m.•1 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

7.8AI score0.0012EPSS

Exploits0References1

Positive Technologies•added 2025/11/26 12:0 a.m.•2 views

PT-2025-48132

Name of the Vulnerable Software and Affected Versions Apache Hive versions 4.1.0 through 4.2.0 Description A SQL injection issue exists in the Hive Metastore Server HMS when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...

5.4CVSS7.7AI score0.0012EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2019-2172

Malware in sbrugna...

4.3CVSS6.1AI score0.00254EPSS

Exploits0References20

SUSE CVE•added 2023/02/15 4:13 a.m.•2 views

SUSE CVE-2019-10130

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain...

4.3CVSS6.8AI score0.00254EPSS

Exploits0References11

RedHat Linux•added 2021/01/18 4:22 p.m.•2 views

postgresql: Selectivity estimators bypass row security policies

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit thi...

4.3CVSS7.2AI score0.00254EPSS

Exploits0References5

RedHat Linux•added 2020/12/22 9:27 a.m.•3 views

postgresql: Selectivity estimators bypass row security policies

4.3CVSS7.2AI score0.00254EPSS

Exploits0References5

RedHat Linux•added 2020/03/26 12:30 p.m.•2 views

postgresql: Selectivity estimators bypass row security policies

4.3CVSS7.2AI score0.00254EPSS

Exploits0References5

OSV•added 2019/07/30 5:15 p.m.•21 views

CVE-2019-10130