Lucene search
K

191 matches found

OSV
OSV
added 2026/03/20 3:27 a.m.6 views

CVE-2026-32939 DataEase is Vulnerable to H2 JDBC RCE Bypass

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

7.7CVSS5.8AI score0.00447EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/20 3:27 a.m.6 views

EUVD-2026-13525

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

7.7CVSS5.8AI score0.00447EPSS
Exploits1References3
CVE
CVE
added 2026/03/20 3:27 a.m.17 views

CVE-2026-32939

DataEase (open-source data visualization tool) versions 2.10.19 and earlier suffer a locale-related input validation bug in JDBC URL handling. DataEase uses String.toUpperCase() without an explicit Locale, making its security checks depend on the JVM’s default locale, while H2 JDBC normalizes URL...

8.1CVSS5.8AI score0.00447EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.16 views

PT-2026-20266

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An information exposure issue exists in Datart version 1.0.0-rc.3. Authenticated attackers can potentially access sensitive data through a custom H2 JDBC connection string. The issue involves the potential...

5.7CVSS5.4AI score0.00429EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.11 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

9.8CVSS8.7AI score0.00944EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.17 views

CVE-2022-31764

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...

8.5CVSS6.7AI score0.00671EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 8:15 p.m.7 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

9.8CVSS0.00944EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.13 views

PT-2026-1866

Name of the Vulnerable Software and Affected Versions JimuReport versions through 2.1.3 Description The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application directly passes the attacker-controlled JDBC URL to the H2 driver, enabling the use of...

9.8CVSS7.2AI score0.00944EPSS
Exploits1References8
NVD
NVD
added 2025/10/17 6:15 p.m.7 views

CVE-2025-62420

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.8CVSS0.00915EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/17 5:11 p.m.6 views

EUVD-2025-34918

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS7.5AI score0.00915EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/17 5:11 p.m.13 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS0.00915EPSS
Exploits1References2
OSV
OSV
added 2025/10/17 5:11 p.m.7 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS8AI score0.00915EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0461

Malware in sbrugna...

9.1CVSS9.1AI score0.04983EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-2477

Malware in sbrugna...

9.1CVSS9.1AI score0.03284EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-0044

Malware in sbrugna...

9.8CVSS9.3AI score0.33478EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-6257

Malware in sbrugna...

6.5CVSS6.5AI score0.13389EPSS
Exploits5References7
Vulnrichment
Vulnrichment
added 2025/10/06 6:52 a.m.4 views

CVE-2025-58583 User Enumeration

The application provides access to a login protected H2 database for caching purposes. The username is prefilled...

5.3CVSS6.5AI score0.0034EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-41827

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00967EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-31077

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00969EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-41366

Malicious code in bioql PyPI...

10CVSS9.1AI score0.01124EPSS
Exploits0References1
Rows per page
Query Builder