124 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-0269

Malware in sbrugna...

6.5 CVSS | 6.8 AI score | 0.01674 EPSS
Exploits 0 | References 32

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-3098

Malicious code in bioql PyPI...

5 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 0 | References 26

EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2025-16774

Malicious code in bioql PyPI...

9 CVSS | 8.1 AI score | 0.91261 EPSS
Exploits 11 | References 14

Redos
added 2025/08/22 12:0 a.m. | 2 views

ROS-20250822-03

SafeHtml validator vulnerability in Hibernate Validator library is related to failure to take measures to protect web page structure when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...

6.5 CVSS | 6.9 AI score | 0.01674 EPSS
Exploits 0

Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-1932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be...

6.1 CVSS | 6.7 AI score | 0.00795 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-10693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if...

5.3 CVSS | 6.5 AI score | 0.00094 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2025/08/09 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-35036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with...

9 CVSS | 8 AI score | 0.40984 EPSS
Exploits 11 | References 3

RedHat Linux
added 2025/07/14 3:56 p.m. | 5 views

hibernate-validator: Hibernate Validator Expression Language Injection

A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...

7.3 CVSS | 7.6 AI score | 0.01693 EPSS
Exploits 10 | References 17

Tenable Nessus
added 2025/06/12 12:0 a.m. | 3 views

Hibernate Validator < 6.2 / 7.0 Arbitrary RCE

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

7.3 CVSS | 8.1 AI score | 0.01693 EPSS
Exploits 10 | References 2

vulnersOsv
added 2025/06/03 9:30 p.m. | 6 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +12161 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=6.0.0.Alpha1 <=6.1.7.Final)

org.hibernate.validator:hibernate-validator MAVEN version =6.0.0.Alpha1, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j11.2.4.0 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427...

9 CVSS | 7.1 AI score | 0.91261 EPSS
Exploits 11

vulnersOsv
added 2025/06/03 9:30 p.m. | 4 views

ai.grakn.kgms:client (=1.4.3), ai.grakn:client-java (>=1.4.1 <=1.4.3) +9891 more potentially affected by CVE-2020-5245 +3 more via org.hibernate:hibernate-validator (>=3.0.0.GA <=6.1.7.Final)

org.hibernate:hibernate-validator MAVEN version =3.0.0.GA, =1.4.1, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =1.4.1, =0.13.0, =0.13.0, =0.14.0 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427, CVE-2025-4428 Source advisory:...

9 CVSS | 7.3 AI score | 0.91261 EPSS
Exploits 11

OSV
added 2025/06/03 9:30 p.m. | 11 views

GHSA-7V6M-28JR-RG84 Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

7.3 CVSS | 7.4 AI score | 0.91261 EPSS
Exploits 11 | References 15

Github Security Blog
added 2025/06/03 9:30 p.m. | 18 views

Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

9 CVSS | 7.3 AI score | 0.06001 EPSS
Exploits 11 | References 15 | Affected Software 2

vulnersOsv
added 2025/06/03 7:43 p.m. | 4 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +12161 more potentially affected by CVE-2025-35036 via org.hibernate.validator:hibernate-validator (>=6.0.0.Alpha1 <=6.1.7.Final)

org.hibernate.validator:hibernate-validator MAVEN version =6.0.0.Alpha1, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j11.2.4.0 and more Source cves: CVE-2025-35036 Source advisory:...

7.3 CVSS | 7.4 AI score | 0.01693 EPSS
Exploits 10

vulnersOsv
added 2025/06/03 7:43 p.m. | 4 views

br.com.thiaguten:umbrella-configuration (>=0.1.0 <=1.0.0), br.com.thiaguten:umbrella-core (>=0.1.0 <=1.0.0) +1272 more potentially affected by CVE-2025-35036 via org.hibernate:hibernate-validator (>=6.0.0.Beta2 <=6.1.7.Final)

org.hibernate:hibernate-validator MAVEN version =6.0.0.Beta2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.3.2-beta.6, =2.3.2-beta.5, =1.0.0, =1.1.16 - cn.openjava:openjava-spring-boot-starter =1.0.1 - cn.springcloud.gray:spring-cloud-gray-server =D.0.1.0-Beta-3 -...

7.3 CVSS | 7.2 AI score | 0.01693 EPSS
Exploits 10

Snyk
added 2025/06/03 7:43 p.m. | 3 views

Arbitrary Code Injection

Overview org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An attacker can...

7.3 CVSS | 6.1 AI score | 0.01693 EPSS
Exploits 10 | References 2

Cvelist
added 2025/06/03 7:27 p.m. | 50 views

CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

7.3 CVSS | 0.01693 EPSS
Exploits 10 | References 13

CVE
added 2025/06/03 7:27 p.m. | 186 views

CVE-2025-35036

CVE-2025-35036 affects Hibernate Validator prior to 6.2.0 and 7.0.0, where user-supplied input may be interpolated into constraint violation messages via Expression Language. This can lead to information disclosure or arbitrary Java code execution. The issue is mitigated in 6.2.0+ and 7.0.0+ by s...

7.3 CVSS | 7.8 AI score | 0.01693 EPSS
In wild | Exploits 10 | References 13 | Affected Software 1

Vulnrichment
added 2025/06/03 7:27 p.m. | 34 views

CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

7.3 CVSS | 8.1 AI score | 0.01693 EPSS
Exploits 10 | References 13

Debian CVE
added 2025/06/03 7:27 p.m. | 15 views

CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

7.3 CVSS | 8.1 AI score | 0.01693 EPSS
Exploits 10