34 matches found
Unity Linux 20.1070e Security Update: hibernate3 (UTSA-2026-016759)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016759 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...
Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: hibernate4 (UTSA-2026-016599)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016599 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
📄 Hibernate ORM 5.6.15 SQL Injection
Hibernate ORM versions 5.6.15 and below suffer from a remote SQL injection vulnerability. CVE-2026-0603 Hibernate ORM Injection / Second-Order SQL Injection ★ CVE-2026-0603 Hibernate SQL Injection PoC ★ https://github.com/user-attachments/assets/2e7c3a89-e26f-48cd-af0b-8b82d32ce71f Overview...
EUVD-2022-0917
Malicious code in bioql PyPI...
This Week in Spring - January 28th, 2025
Hi, Spring fans! Welcome to another rip-roarin' and exciting installment of This Week in Spring , wherein we look at the amazing week that was in the Spring community. And what a week it's been! In addition to tons of cool tooling and AI related stuff, this week saw the release of the first steps...
SUSE CVE-2019-14900
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access...
Security Bulletin: IBM Security Verify Governance is vulnerable to SQL injection due to use of Hibernate ORM (CVE-2020-25638)
Summary IBM Security Verify Governance uses Hibernate ORM which is vulnerable to SQL injection, caused by misconfiguration for hibernate.usesqlcomments. A remote attacker could send specially-crafted SQL statements to manipulate data in the back-end databaseCVE-2020-25638. The affected jar was...
Security Bulletin: Hibernate ORM Vulnerabilities Affect IBM Control Center (CVE-2019-14900, CVE-2020-25638)
Summary Hibernate ORM is vulnerable to SQL injection. Vulnerability Details CVEID: CVE-2019-14900 DESCRIPTION: Hibernate ORM is vulnerable to SQL injection. The implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
Hibernate ORM vulnerable to SQL injection
Overview Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produc...
JVN#90729322: Hibernate ORM vulnerable to SQL injection
Hibernate ORM is an ORM framework for Java. Hibernate ORM can be configured hibernate.usesqlcomments to true, which is false by default to add comments to generated SQL statements, aimed at debugging purpose. When hibernate.usesqlcomments is configured to true, malicious input may produce...
Red Hat Hibernate ORM SQL Injection Vulnerability
Red Hat Hibernate ORM is an object/relational mapping ORM framework for writing applications from Red Hat. Hibernate ORM suffers from a SQL injection vulnerability that can be exploited by an attacker to read or modify data via annotations in Hibernate ORM using SQL injection...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...
hibernate: SQL injection issue in Hibernate ORM
A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further...