Lucene search

34 matches found

Tenable Nessus
added 2026/05/22 12:00 a.m., 10 views

Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

6.5 CVSS, 5.8 AI score, 0.02126 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/22 12:00 a.m., 8 views

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

6.5 CVSS, 6.8 AI score, 0.02126 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/22 12:00 a.m., 13 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: hibernate4 (UTSA-2026-016599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016599 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

6.5 CVSS, 6.8 AI score, 0.02126 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/05/18 12:00 a.m., 16 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

9.9 CVSS, 7.2 AI score, 0.10629 EPSS
Exploits: 6, References: 59

Packet Storm
added 2026/05/06 12:00 a.m., 73 views

Hibernate ORM 5.6.15 SQL Injection

Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...

8.3 CVSS, 5.9 AI score, 0.00782 EPSS
Exploits: 1

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2022-0917

Malicious code in bioql PyPI...

6.5 CVSS, 6.4 AI score, 0.02126 EPSS
Exploits: 0, References: 26

Spring Security Advisories
added 2025/01/28 12:00 a.m., 13 views

This Week in Spring - January 28th, 2025

Hi, Spring fans! Welcome to another rip-roarin' and exciting installment of This Week in Spring, wherein we look at the amazing week that was in the Spring community. And what a week it's been! In addition to tons of cool tooling and AI related stuff, this week saw the release of the first steps...

6.8 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 4:09 a.m., 5 views

SUSE CVE-2019-14900

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access...

6.5 CVSS, 7.6 AI score, 0.02126 EPSS
Exploits: 0, References: 5

IBM Security Bulletins
added 2022/11/03 4:42 p.m., 38 views

Security Bulletin: IBM Security Verify Governance is vulnerable to SQL injection due to use of Hibernate ORM (CVE-2020-25638)

Summary IBM Security Verify Governance uses Hibernate ORM which is vulnerable to SQL injection, caused by misconfiguration for hibernate.use_sql_comments. A remote attacker could send specially-crafted SQL statements to manipulate data in the back-end database (CVE-2020-25638). The affected jar was...

7.4 CVSS, 7.1 AI score, 0.02907 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2021/05/14 9:22 p.m., 34 views

Security Bulletin: Hibernate ORM Vulnerabilities Affect IBM Control Center (CVE-2019-14900, CVE-2020-25638)

Summary Hibernate ORM is vulnerable to SQL injection. Vulnerability Details CVEID: CVE-2019-14900 DESCRIPTION: Hibernate ORM is vulnerable to SQL injection. The implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the...

7.4 CVSS, 1.1 AI score, 0.02907 EPSS
Exploits: 0, Affected Software: 1

RedHat Linux
added 2020/12/16 12:11 p.m., 4 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4

Japan Vulnerability Notes
added 2020/11/19 5:33 a.m., 4 views

Hibernate ORM vulnerable to SQL injection

Overview Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.use_sql_comments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.use_sql_comments is configured to true, malicious input may produc...

7.4 CVSS, 7.2 AI score, 0.02907 EPSS
Exploits: 0, References: 11

Japan Vulnerability Notes
added 2020/11/19 12:00 a.m., 74 views

JVN#90729322: Hibernate ORM vulnerable to SQL injection

Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.use_sql_comments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.use_sql_comments is configured to true, malicious input may produce...

7.4 CVSS, 7.5 AI score, 0.02907 EPSS
Exploits: 0

CNNVD
added 2020/11/19 12:00 a.m., 9 views

Red Hat Hibernate ORM SQL Injection Vulnerability

Red Hat Hibernate ORM is an object/relational mapping ORM framework for writing applications from Red Hat. Hibernate ORM suffers from a SQL injection vulnerability that can be exploited by an attacker to read or modify data via annotations in Hibernate ORM using SQL injection...

7.4 CVSS, 7.2 AI score, 0.02907 EPSS
Exploits: 0, References: 42

RedHat Linux
added 2020/11/05 6:48 p.m., 3 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/11/05 6:47 p.m., 2 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/10/14 11:16 a.m., 3 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/09/07 1:05 p.m., 4 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/09/07 12:58 p.m., 2 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/09/07 12:57 p.m., 4 views

hibernate: SQL injection issue in Hibernate ORM

A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...

6.5 CVSS, 5.9 AI score, 0.02126 EPSS
Exploits: 0, References: 4