SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the processing of delete column statistics requests through the HMS Thrift APIs. An attacker can execute arbitrary SQL commands by sending specially crafted requests to the affected API endpoints. This is only...

Hive Metastore Server is vulnerable to SQL Injection

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

CVE-2025-62728

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

Jenkins Plugin Cluster Statistics 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request forge...

Code injection

delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter...