CWE-564: SQL Injection: Hibernate
low-risk
Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
Abstraction: Variant
Common Consequences
Confidentiality → Read Application Data
Real-World Examples (8)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2025-0959 | 8.8 | 0.1% | — |
| CVE-2024-48988 | 7.6 | 0.1% | — |
| CVE-2026-4594 | 7.3 | 0.0% | — |
| CVE-2025-8052 | 8.8 | 0.0% | — |
| CVE-2026-4593 | 6.3 | 0.0% | — |
| CVE-2026-23959 | 4.9 | 0.0% | — |
| CVE-2025-67280 | 5.4 | 0.0% | — |
| CVE-2026-22242 | 4.9 | 0.0% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal