
1365 matches found

Source: CVE
added 2026/01/23 6:31 a.m., 67 views

CVE-2026-0603

CVE-2026-0603 : A second-order SQL injection vulnerability in Hibernate Core via the InlineIdsOrClauseBuilder allows a remote attacker with low privileges to craft non-alphanumeric IDs to read sensitive data (e.g., system files) and manipulate or delete data, causing an application‑level denial o...

CVSS 8.3 | AI score 5.7 | EPSS 0.00074
Exploits: 1 | References: 8
Source: ATTACKERKB
added 2026/01/23 6:31 a.m., 3 views

CVE-2026-0603

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

CVSS 8.3 | AI score 5.6 | EPSS 0.00074
Exploits: 1 | References: 9 | Affected software: 18
Source: Vulnrichment
added 2026/01/23 6:31 a.m., 4 views

CVE-2026-0603 Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

CVSS 8.3 | AI score 5.7 | EPSS 0.00074
Exploits: 1 | References: 8
Source: Cvelist
added 2026/01/23 6:31 a.m., 32 views

CVE-2026-0603 Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

CVSS 8.3 | EPSS 0.00074
Exploits: 1 | References: 8
Source: Positive Technologies
added 2026/01/23 12:00 a.m., 5 views

PT-2026-4327

Name of the Vulnerable Software and Affected Versions: Hibernate, affected versions not specified. Description: A flaw exists in Hibernate that allows a remote attacker with low privileges to exploit a second-order SQL injection. The issue occurs when specially crafted, unsanitized non-alphanumeric...

CVSS 8.3 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 18
Source: CNNVD
added 2026/01/22 12:00 a.m., 4 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed using Go language in the Gitea community. There is a security vulnerability in Gitea, which stems from the fact that the second timer API does not re-verify repository access permissions. This allows users to still view the problem title and repository...

CVSS 6.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 5
Source: OSSF Malicious Packages
added 2026/01/21 8:10 a.m., 6 views

Malicious code in spellcheckpy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 063d67bbc510966bb83b63d1ba79a8279cf212b9028005800d6f2f99534eec46 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score 5.9
Exploits: 0 | References: 3
Source: Redos
added 2026/01/19 12:00 a.m., 3 views

ROS-20260119-7304

A vulnerability in the pps_gpio_probe function of the drivers/pps/clients/pps-gpio.c module of the Linux kernel PPS client support driver is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability...

CVSS 7.8 | AI score 5.5 | EPSS 0.00018
Exploits: 0
Source: CNNVD
added 2026/01/19 12:00 a.m., 6 views

Hibernate security vulnerability

Hibernate is an object-relational mapping framework developed by the Hibernate company. Hibernate has a security vulnerability that stems from second-order SQL injection, which may lead to information leakage and data deletion...

CVSS 8.3 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 3
Source: RedhatCVE
added 2026/01/09 12:35 p.m., 3 views

CVE-2023-45292

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct...

CVSS 5.3 | AI score 6.9 | EPSS 0.00084
Exploits: 1 | References: 1
Source: RedhatCVE
added 2026/01/09 11:21 a.m., 16 views

CVE-2021-22057

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify...

CVSS 8.8 | AI score 7.1 | EPSS 0.00498
Exploits: 0 | References: 1
Source: RedhatCVE
added 2026/01/09 9:55 a.m., 7 views

CVE-2020-12812

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication FortiToken if they changed the case of their username...

CVSS 9.8 | AI score 9.7 | EPSS 0.41912
Exploits: 0 | References: 1
Source: RedhatCVE
added 2026/01/07 9:19 a.m., 3 views

CVE-2025-69197

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This...

CVSS 6.5 | AI score 6.7 | EPSS 0.00012
Exploits: 0 | References: 1
Source: Fedora
added 2026/01/01 1:08 a.m., 5 views

[SECURITY] Fedora 42 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-9.fc42

The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...

CVSS 7.5 | AI score 7.2 | EPSS 0.00044
Exploits: 1
Source: Fedora
added 2026/01/01 12:55 a.m., 5 views

[SECURITY] Fedora 43 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-11.fc43

The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...

CVSS 7.5 | AI score 7.2 | EPSS 0.00042
Exploits: 0
Source: SUSE CVE
added 2025/12/31 12:27 a.m., 3 views

SUSE CVE-2023-54237

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9456c1cc79a0] machine_kexec at...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits: 0 | References: 3
Source: Packet Storm News
added 2025/12/31 12:00 a.m., 3 views

Scalable Ultrafast Random Bit Generation Using Wideband Chaos-Based Entropy Sources

The exponential growth of data transmission and processing speeds in modern digital infrastructure requires entropy sources capable of producing large volumes of true randomness for information security. Chaotic emissions from semiconductor lasers are attractive in this context because of their...

AI score 6.5
Exploits: 0
Source: EUVD
added 2025/12/30 3:30 p.m., 2 views

EUVD-2023-60404

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9456c1cc79a0] machine_kexec at...

AI score 6 | EPSS 0.00024
Exploits: 0 | References: 4
Source: NVD
added 2025/12/30 1:16 p.m., 3 views

CVE-2023-54237

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link There is a certain chance to trigger the following panic: PID: 5900 TASK: ffff88c1c8af4100 CPU: 1 COMMAND: "kworker/1:48" #0 [ffff9456c1cc79a0] machine_kexec at...

EPSS 0.00024
Exploits: 0 | References: 3
Source: Tenable Nessus
added 2025/12/30 12:00 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992482)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992482 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/hisi: Drop second sensor hi3660 The commit 74c8e6bffbe1 driver core: Add allocsiz...

CVSS 5.5 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 4