Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

EUVD
EUVDadded 2026/05/13 6:30 p.m.4 views

EUVD-2025-209821

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

9.1CVSS5.9AI score0.0009EPSS
Exploits0References2
NVD
NVDadded 2026/05/13 6:16 a.m.4 views

CVE-2025-11159

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...

9.1CVSS0.0009EPSS
Exploits0References1
NVD
NVDadded 2025/10/06 7:15 a.m.4 views

CVE-2025-58583

The application provides access to a login protected H2 database for caching purposes. The username is prefilled...

5.3CVSS0.00083EPSS
Exploits0References6
CVE
CVEadded 2025/10/06 6:52 a.m.7 views

CVE-2025-58583

CVE-2025-58583 affects SICK Enterprise Analytics and SICK Logistic Analytics products. The vulnerability stems from a login-protected H2 database used for caching where the username is prefilled, potentially enabling unauthorized access to the system. The available connected documents describe th...

5.3CVSS6.5AI score0.00083EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2025/10/06 6:52 a.m.4 views

EUVD-2025-32496

The application provides access to a login protected H2 database for caching purposes. The username is prefilled...

5.3CVSS6.3AI score0.00083EPSS
Exploits0References7
CVE
CVEadded 2025/08/25 5:0 p.m.22 views

CVE-2025-57772

CVE-2025-57772 affects DataEase prior to 2.10.12. A H2 JDBC RCE bypass exists where the getJdbcUrl method can return the JdbcUrl parameter, bypassing H2 filtering and allowing the JDBC URL to specify the driver (e.g., driver: org.h2.Driver) for the connection. This leads to potential remote code ...

9.8CVSS6.5AI score0.00315EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2025/04/03 12:0 a.m.1 views

SuperSonic 安全漏洞

SuperSonic is an AI+BI platform open-sourced by Tencent Music Entertainment. A security vulnerability exists in SuperSonic 0.9.8 and earlier versions, which stems from a code injection issue in the H2 database connection handling component...

9.8CVSS5.2AI score0.00271EPSS
Exploits1References5
CNNVD
CNNVDadded 2022/10/26 12:0 a.m.1 views

Metabase 安全漏洞

Metabase is an open source data analytics platform from Metabase, Inc. in the United States. A security vulnerability exists in Metabase that stems from the fact that H2 the example database can allow Remote Code Execution RCE, which can be abused by users who are able to write SQL queries on the...

8.8CVSS8.2AI score0.01607EPSS
Exploits0References2
CNVD
CNVDadded 2020/06/24 12:0 a.m.10 views

Apache SkyWalking SQL Injection Vulnerability

Apache SkyWalking is an application performance monitor from the Apache Software USA Foundation primarily for environments such as microservices, cloud-native and container-based. An SQL injection vulnerability exists in the H2/MySQL/TiDB storage implementation in Apache SkyWalking versions 6.0.0...

7.5CVSS8AI score0.94091EPSS
Exploits1References1
Rows per page
Query Builder