ROOT-APP-MAVEN-CVE-2024-49203 CVE-2024-49203 in io.root.com.querydsl:querydsl-jpa - Patched by Root

Root has patched CVE-2024-49203 in the io.root.com.querydsl:querydsl-jpa package for Root:Maven. Multiple fixed versions available...

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-42585 Sourc...

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +6304 more potentially affected by CVE-2026-6860 via io.vertx:vertx-core (>=4.3.4 <=4.5.26)

io.vertx:vertx-core MAVEN version =4.3.4, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.86, =0.0.86, =0.0.86, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 - ai.pipestream.module:module-chunk...

Astra Linux - уязвимость в libhibernate3-java

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

This Week in Spring - April 7th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! It's April 7th, 2026, and I'm on the road! I started the journey for the amazing Voxxed Days Amsterdam show and am now winding my way through France. I visited Colmar, a beautiful city from which the animators on Disney's Beau...

au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +166 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...

com.github.vzakharchenko:chillispot-radius-plugin (>=1.2.6 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.2.5 <=1.4.11) +72 more potentially affected by CVE-2026-3190 via org.keycloak:keycloak-model-jpa (>=10.0.0 <=26.5.5)

org.keycloak:keycloak-model-jpa MAVEN version =10.0.0, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =5.1.0-26.1, =2.5.6-24.0, =2.0.6, =15.0.0.1 and more Source cves: CVE-2026-3190 Source advisory: OSV:GHSA-Q35R-VVHV-VX5H...

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

SQL Injection: Hibernate

Overview Affected versions of this package are vulnerable to SQL Injection: Hibernate via the geneEruptHqlOrderBy function. An attacker can execute arbitrary SQL commands by manipulating the sort.field argument remotely. Remediation Upgrade xyz.erupt:erupt-jpa to version 1.13.1 or higher...

com.github.wjw465150:erupt-dsl (>=1.10.1 <=1.10.15), io.gitee.ank_code:ak-admin-bas (>=0.1 <=0.11) +18 more potentially affected by CVE-2026-4594 via xyz.erupt:erupt-jpa (>=1.10.beta <=1.12.9)

xyz.erupt:erupt-jpa MAVEN version =1.10.beta, =1.10.1, =0.1, =0.1, =0.1, =0.1, =0.1, =1.12.0, =1.12.20, =1.10.13, =1.10.8, =1.12.21, =1.11.7, =1.10.0-beta, =1.10.0-beta, =1.12.23 and more Source cves: CVE-2026-4594 Source advisory: SNYK:JAVA-XYZERUPT-15812216...

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

CVE-2026-4594

The vulnerability CVE-2026-4594 affects the product family erupt (up to version 1.13.3). The issue is in the component erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java, specifically the function geneEruptHqlOrderBy, where manipulation of the sort.field argument leads to a S...

CVE-2026-4594

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

CVE-2026-4594 erupts erupt EruptJpaUtils.java geneEruptHqlOrderBy sql injection

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

ERUPT 安全漏洞

ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Versions of ERUPT prior to 1.13.3 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the sort.field parameter in the...

PT-2026-27166

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

org.apache.syncope.core:syncope-core-persistence-jpa-json (>=3.0.0 <=3.0.14), org.apache.syncope.core:syncope-core-self-keymaster-starter (>=3.0.0 <=3.0.14) +6 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-persistence-jpa (>=3.0.0-M0 <=3.0.14)

org.apache.syncope.core:syncope-core-persistence-jpa MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.10, =3.0.0, =3.0.14 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105148...

EUVD-2019-0471

Malware in sbrugna...