
7 matches found

ATTACKERKB
added 2026/05/17 11:45 a.m. | 4 views

CVE-2026-8752

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

CVSS: 6.9 | AI score: 5.7 | EPSS: 0.00081
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-13305

Malicious code in bioql PyPI...

CVSS: 10 | AI score: 6.4
Exploits: 0 | References: 3
OSV
added 2025/09/21 10:15 a.m. | 2 views

CVE-2025-10769

A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connectionurl leads to deserialization. The attack may be launched remotely. The exploit has been disclos...

CVSS: 9.8 | AI score: 6.7
Exploits: 0 | References: 7
Cvelist
added 2025/09/21 9:33 a.m. | 7 views

CVE-2025-10769 h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization

A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connectionurl leads to deserialization. The attack may be launched remotely. The exploit has been disclos...

CVSS: 6.5 | EPSS: 0.00135
Exploits: 1 | References: 7
Positive Technologies
added 2025/09/21 12:0 a.m. | 5 views

PT-2025-38662

Name of the Vulnerable Software and Affected Versions: h2oai h2o-3 versions through 3.46.08. Description: A flaw exists in h2oai h2o-3, specifically in an unknown function within the /99/ImportSQLTable file of the IBMDB2 JDBC Driver component. Manipulation of the connection url argument can lead to...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00095
Exploits: 0 | References: 8
CVE
added 2025/03/20 10:9 a.m. | 56 views

CVE-2024-10553

CVE-2024-10553 affects h2oai/h2o-3 REST API 3.46.0.4. The issue lies in endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are passed to DriverManager.getConnection, enabling deserialization of untrusted data if a MySQL or PostgreSQL driver is present i...

CVSS: 9.8 | AI score: 8 | EPSS: 0.02857
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2024/09/06 6:31 p.m. | 4 views

H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

CVSS: 9.1 | AI score: 7.3 | EPSS: 0.00106
Exploits: 1 | References: 8 | Affected Software: 2