Lucene search
K

17 matches found

Nuclei
Nuclei
added yesterday18 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language HQL injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

9.3CVSS7.8AI score0.02207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References5
CVE
CVE
added 5 days ago15 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...

8.7CVSS6.2AI score0.00564EPSS
In wildExploits0References4
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.5 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

5.4CVSS7.2AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/01/09 4:16 p.m.11 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

5.4CVSS0.00195EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 12:0 a.m.5 views

CVE-2025-67280

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user...

6.8AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/20 9:30 p.m.6 views

EUVD-2025-35106

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

1CVSS7.2AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2025/10/20 8:15 p.m.6 views

CVE-2025-8052

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

8.8CVSS0.00326EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/06 8:16 p.m.5 views

EUVD-2025-32540

XWiki Platform is vulnerable to HQL injection via wiki and space search REST API...

9.3CVSS6.7AI score0.02207EPSS
Exploits0References5
Snyk
Snyk
added 2025/10/06 8:16 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation. Remediation Upgrade...

9.8CVSS8AI score0.02207EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29966

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00861EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/05/30 12:0 a.m.5 views

The vulnerability of the Hibernate query service implementation in the Kaiten project management system lies in the lack of protective measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Hibernate query service implementation in the Kaiten project management tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of th...

9.9CVSS5.6AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:27 a.m.11 views

CVE-2023-26093

Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...

9.8CVSS6.8AI score0.00861EPSS
Exploits0References1
NVD
NVD
added 2023/02/20 5:15 a.m.16 views

CVE-2023-26093

Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...

9.8CVSS9.4AI score0.00861EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/20 12:0 a.m.11 views

CVE-2023-26093

Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...

9.4AI score0.00861EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/10/12 12:0 a.m.6 views

PT-2020-6996 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.3-milestone-2 through 13.10.4 XWiki Platform versions 11.10.6 through 14.3-rc-1 are not needed as they are included in the range above, so the final version is: XWiki Platform versions 6.3-milestone-2 through 13.10.4...

9.8CVSS7.3AI score0.00717EPSS
Exploits0References13
myhack58
myhack58
added 2016/06/14 12:0 a.m.30 views

HITB16 issues resolution: Java applications ORM injection the development of new methods-vulnerability warning-the black bar safety net

! “Hack In The Box”conference is in Europe in Amsterdam, organized by the global well-known Security Summit. This year's conference very interesting, one by a security researcher Mikhail Egorov and Sergey Soldatov presented the topic“Java application ORM injection the development of new...

0.1AI score
Exploits0
Rows per page
Query Builder