
1738 matches found

vulnersOsv
added 2025/06/03 7:43 p.m. · 4 views

br.com.thiaguten:umbrella-configuration (>=0.1.0 <=1.0.0), br.com.thiaguten:umbrella-core (>=0.1.0 <=1.0.0) +1272 more potentially affected by CVE-2025-35036 via org.hibernate:hibernate-validator (>=6.0.0.Beta2 <=6.1.7.Final)

org.hibernate:hibernate-validator MAVEN version =6.0.0.Beta2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.3.2-beta.6, =2.3.2-beta.5, =1.0.0, =1.1.16 - cn.openjava:openjava-spring-boot-starter =1.0.1 - cn.springcloud.gray:spring-cloud-gray-server =D.0.1.0-Beta-3 -...

CVSS 7.3 · AI score 7.2 · EPSS 0.00615
Exploits: 0
Snyk
added 2025/06/03 7:43 p.m. · 3 views

Arbitrary Code Injection

Overview org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An attacker can...

CVSS 7.3 · AI score 6.1 · EPSS 0.00615
Exploits: 0 · References: 2
Snyk
added 2025/06/03 7:43 p.m. · 4 views

Arbitrary Code Injection

Overview org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...

CVSS 7.3 · AI score 7.7 · EPSS 0.00615
Exploits: 0 · References: 2
vulnersOsv
added 2025/06/03 7:43 p.m. · 5 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +12161 more potentially affected by CVE-2025-35036 via org.hibernate.validator:hibernate-validator (>=6.0.0.Alpha1 <=6.1.7.Final)

org.hibernate.validator:hibernate-validator MAVEN version =6.0.0.Alpha1, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j11.2.4.0 and more Source cves: CVE-2025-35036 Source advisory:...

CVSS 7.3 · AI score 7.4 · EPSS 0.00615
Exploits: 0
CVE
added 2025/06/03 7:27 p.m. · 194 views

CVE-2025-35036

CVE-2025-35036 affects Hibernate Validator prior to 6.2.0 and 7.0.0, where user-supplied input may be interpolated into constraint violation messages via Expression Language. This can lead to information disclosure or arbitrary Java code execution. The issue is mitigated in 6.2.0+ and 7.0.0+ by s...

CVSS 7.3 · AI score 7.8 · EPSS 0.00615
In wild · Exploits: 0 · References: 13 · Affected Software: 1
Cvelist
added 2025/06/03 7:27 p.m. · 50 views

CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 · EPSS 0.00615
Exploits: 0 · References: 13
Vulnrichment
added 2025/06/03 7:27 p.m. · 34 views

CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 · AI score 8.1 · EPSS 0.00615
Exploits: 0 · References: 13
Debian CVE
added 2025/06/03 7:27 p.m. · 16 views

CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

CVSS 7.3 · AI score 8.1 · EPSS 0.00615
Exploits: 0
Positive Technologies
added 2025/06/03 12:00 a.m. · 7 views

PT-2025-23663 · Hibernate +3 · Hibernate Validator +3

CVE-2025-35036 Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expres… https://t.co/002YgA2hEa...

CVSS 9 · AI score 6.1 · EPSS 0.99566
Exploits: 11 · References: 30
CNNVD
added 2025/06/03 12:00 a.m. · 7 views

Hibernate Validator Security Vulnerability

Hibernate Validator is a parameter validation framework from Hibernate. A security vulnerability exists in Hibernate Validator versions prior to 6.2.0 and prior to 7.0.0, which stems from user input interpolation in a constraint violation message, and could lead to the disclosure of sensitive...

CVSS 7.3 · AI score 8.4 · EPSS 0.00615
Exploits: 0 · References: 16
Packet Storm News
added 2025/05/30 12:00 a.m. · 1 views

The Cost of Restaking Vs. Proof-Of-Stake

We compare the efficiency of restaking and Proof-of-Stake (PoS) protocols in terms of stake requirements. First, we consider the sufficient condition for the restaking graph to be secure. We show that the condition implies that it is always possible to transform such a restaking graph into secure P...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/05/30 12:00 a.m. · 2 views

Looking for Attention: Randomized Attention Test Design for Validator Monitoring in Optimistic Rollups

Optimistic Rollups (ORUs) significantly enhance blockchain scalability but inherently suffer from the verifier's dilemma, particularly concerning validator attentiveness. Current systems lack mechanisms to proactively ensure validators are diligently monitoring L2 state transitions, creating a...

AI score 6.7
Exploits: 0
OSSF Malicious Packages
added 2025/05/26 2:56 a.m. · 2 views

Malicious code in hibernate-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ba5c88bd8432cb5249a0abdf018e4b4c5da5068923a451703ae35d409b16414 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 3
OSV
added 2025/05/26 2:56 a.m. · 3 views

MAL-2025-4437 Malicious code in hibernate-validator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ba5c88bd8432cb5249a0abdf018e4b4c5da5068923a451703ae35d409b16414 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 7:05 a.m. · 7 views

CVE-2024-11463

The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

CVSS 6.1 · AI score 7.4 · EPSS 0.00354
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 3:30 a.m. · 6 views

CVE-2023-38875

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the 'validator' parameter in '/reset-password'...

CVSS 6.1 · AI score 6.1 · EPSS 0.00824
Exploits: 0
RedhatCVE
added 2025/05/23 12:26 a.m. · 3 views

CVE-2022-47924

A high-privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions 0.1.0, which can result in arbitrary code execution and DoS once the user triggers the validation...

CVSS 6.5 · AI score 7.4 · EPSS 0.00261
Exploits: 0
RedhatCVE
added 2025/05/22 9:35 p.m. · 5 views

CVE-2021-43114

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This causes RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation...

CVSS 7.5 · AI score 6.7 · EPSS 0.01095
Exploits: 0
RedhatCVE
added 2025/05/22 9:05 p.m. · 8 views

CVE-2021-42764

The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain...

CVSS 9.1 · AI score 6.8 · EPSS 0.0093
Exploits: 0
RedhatCVE
added 2025/05/22 5:52 p.m. · 3 views

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...

CVSS 9.1 · AI score 7.1 · EPSS 0.01272
Exploits: 0