10 matches found
PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages
Summary: PMD's vbhtml and yahtml report formats insert rule violation messages into HTML output without escaping. When PMD analyzes untrusted source code containing crafted string literals, the generated HTML report contains executable JavaScript that runs when opened in a browser. While the defau...
hibernate-validator: Hibernate Validator Expression Language Injection
A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...
hibernate-validator: Hibernate Validator Expression Language Injection
A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language...
Hibernate Validator < 6.2 / 7.0 Arbitrary RCE
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
DEBIAN-CVE-2025-35036
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
UBUNTU-CVE-2025-35036
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
Arbitrary Code Injection
Overview: org.hibernate.validator:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the interpolation of user-supplied input in constraint violation messages with Expression Language. An...
CVE-2025-35036
CVE-2025-35036 affects Hibernate Validator prior to 6.2.0 and 7.0.0, where user-supplied input may be interpolated into constraint violation messages via Expression Language. This can lead to information disclosure or arbitrary Java code execution. The issue is mitigated in 6.2.0+ and 7.0.0+ by s...
Hibernate Validator Security Vulnerability
Hibernate Validator is a parameter validation framework from Hibernate. A security vulnerability exists in Hibernate Validator versions prior to 6.2.0 and prior to 7.0.0, which stems from user input interpolation in a constraint violation message, and could lead to the disclosure of sensitive...
A vulnerability in the Google Chrome browser allows an attacker to obtain confidential information.
A vulnerability in the Content Security Policy (CSP) implementation in Google Chrome’s Blink engine is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information about visited web pages by...