
43 matches found

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-16774

Malicious code in bioql PyPI...

CVSS 9 | AI score 8.1 | EPSS 0.91261
Exploits 11 | References 14
CNNVD
added 2025/09/05 12:00 a.m., 3 views

MongoDB Server Security Vulnerability

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server versions prior to v6.0.25, prior to v7.0.22, an...

CVSS 7.5 | AI score 6.3 | EPSS 0.00474
Exploits 0 | References 2
Tenable Nessus
added 2025/06/12 12:00 a.m., 3 views

Hibernate Validator < 6.2 / 7.0 Arbitrary RCE

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 | AI score 8.1 | EPSS 0.01693
Exploits 10 | References 2
Github Security Blog
added 2025/06/03 9:30 p.m., 18 views

Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 9 | AI score 7.3 | EPSS 0.06001
Exploits 11 | References 15 | Affected Software 2
OSV
added 2025/06/03 9:30 p.m., 10 views

GHSA-7V6M-28JR-RG84 Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 | AI score 7.4 | EPSS 0.91261
Exploits 11 | References 15
OSV
added 2025/06/03 8:15 p.m., 11 views

CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 6.9 | AI score 7.4 | EPSS 0.91261
Exploits 11 | References 13
OSV
added 2025/06/03 8:15 p.m., 1 view

UBUNTU-CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 | AI score 7.5 | EPSS 0.91261
Exploits 11 | References 19
Snyk
added 2025/06/03 7:43 p.m., 4 views

Arbitrary Code Injection

Overview org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...

CVSS 7.3 | AI score 7.7 | EPSS 0.01693
Exploits 10 | References 2
Debian CVE
added 2025/06/03 7:27 p.m., 14 views

CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 | AI score 8.1 | EPSS 0.01693
Exploits 10
CVE
added 2025/06/03 7:27 p.m., 177 views

CVE-2025-35036

CVE-2025-35036 affects Hibernate Validator prior to 6.2.0 and 7.0.0, where user-supplied input may be interpolated into constraint violation messages via Expression Language. This can lead to information disclosure or arbitrary Java code execution. The issue is mitigated in 6.2.0+ and 7.0.0+ by s...

CVSS 7.3 | AI score 7.8 | EPSS 0.01693
In wild | Exploits 10 | References 13 | Affected Software 1
OSV
added 2022/02/10 11:06 p.m., 2 views

GHSA-WFJ5-2MQR-7JVV Expression Language Injection in Netflix Conductor

Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...

CVSS 9.8 | AI score 6 | EPSS 0.00563
Exploits 0 | References 3
Tenable Nessus
added 2021/06/16 12:00 a.m., 275 views

RHEL 8 : postgresql:12 (RHSA-2021:2372)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2372 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

CVSS 8.8 | AI score 7 | EPSS 0.00641
Exploits 2 | References 10
AlmaLinux
added 2021/06/10 8:45 a.m., 45 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream version: postgresql 12.7 Security Fixes: postgresql: Buffer overrun from integer overflow in array subscripting calculations CVE-2021-32027 postgresql: Memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00641
Exploits 2 | References 5
OpenVAS
added 2021/06/09 12:00 a.m., 20 views

SUSE: Security Advisory (SUSE-SU-2021:0543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5.1 | EPSS 0.00109
Exploits 2 | References 2
OpenVAS
added 2021/04/19 12:00 a.m., 16 views

SUSE: Security Advisory (SUSE-SU-2021:0545-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5.4 | EPSS 0.00109
Exploits 2 | References 5
Tenable Nessus
added 2021/02/23 12:00 a.m., 29 views

SUSE SLED15 / SLES15 Security Update : postgresql13 (SUSE-SU-2021:0543-1)

This update for postgresql13 fixes the following issues : Upgrade to version 13.2 : - Updating stored views and reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. - CVE-2021-20229, bsc1182039: Fix...

CVSS 4.3 | AI score 5.6 | EPSS 0.00109
Exploits 2 | References 8
ALT Linux
added 2021/02/11 12:00 a.m., 28 views

Security fix for the ALT Linux 9 package postgresql12-1C version 12.5-alt4

Feb. 11, 2021 Alexei Takaseev 12.5-alt4 - Fix permission checks on constraint violation errors on partitions. Fixes CVE-2021-3393 - Re-apply patch from 1C...

CVSS 3.5 | AI score 5.2 | EPSS 0.00109
Exploits 2
ALT Linux
added 2021/02/11 12:00 a.m., 25 views

Security fix for the ALT Linux 10 package postgresql15-1C version 12.5-alt4

Feb. 11, 2021 Alexei Takaseev 12.5-alt4 - Fix permission checks on constraint violation errors on partitions. Fixes CVE-2021-3393 - Re-apply patch from 1C...

CVSS 3.5 | AI score 5.2 | EPSS 0.00109
Exploits 2
AlpineLinux
added 2020/12/15 5:15 p.m., 27 views

CVE-2020-29567

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checke...

CVSS 6.2 | AI score 2 | EPSS 0.00055
Exploits 0
RedhatCVE
added 2020/04/09 7:03 a.m., 34 views

CVE-2017-7536

It was found that when the security manager's reflective permissions, which allow it to access the private members of a class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an...

CVSS 7 | AI score 6 | EPSS 0.00127
Exploits 0 | References 1