11 matches found

CVE
added 2026/05/17 10:45 a.m., 13 views

CVE-2026-8750

CVE-2026-8750 affects h2oai h2o-3 up to version 7402. The vulnerability lies in the ImportFile API’s ImportFile/PersistNFS.java importFiles() function, enabling remote information disclosure due to manipulation of file persistence. Multiple sources (NVD, Red Hat, CVE listings, and PT Security) de...

CVSS 7.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2025/10/28 9:53 a.m., 3 views

Deserialization Of Untrusted Data

h2o is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of JDBC connection parameters with insufficient input validation, which allows an attacker to bypass regular expression checks using double URL encoding and subsequently read arbitrary files or...

CVSS 9.8 | AI score 9.6 | EPSS 0.00646
Exploits: 1 | References: 4 | Affected Software: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-7098

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00365
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-30380

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.00646
Exploits: 1 | References: 3
Veracode
added 2025/03/28 2:36 a.m., 6 views

Arbitrary File Overwrite

ai.h2o, h2o-core is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a lack of export location restrictions in the model export endpoint, allowing an attacker to overwrite arbitrary files on the server...

CVSS 7.1 | AI score 7 | EPSS 0.00107
Exploits: 1 | References: 4 | Affected Software: 2
Veracode
added 2025/03/27 8:4 a.m., 2 views

Denial Of Service (DoS)

ai.h2o, h2o-core is vulnerable to Denial Of Service (DoS). The vulnerability is due to the /3/Parse endpoint constructing a regular expression from a user-specified string, which is then applied to another user-specified string, allowing an attacker to send multiple simultaneous requests and exhaus...

CVSS 7.5 | AI score 7 | EPSS 0.00345
Exploits: 1 | References: 4 | Affected Software: 2
GitLab Advisory Database
added 2025/03/20 12:0 a.m., 10 views

H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...

CVSS 7.5 | AI score 6.8 | EPSS 0.00247
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2024/09/06 4:15 p.m., 1 views

CVE-2024-45758

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

CVSS 9.1 | AI score 7.3
Exploits: 0 | References: 2
Positive Technologies
added 2024/09/06 12:0 a.m., 3 views

PT-2024-31754

Name of the Vulnerable Software and Affected Versions: H2O.ai H2O versions 3.46.0.4 and earlier Description: The issue allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to pos...

CVSS 9.1 | AI score 6.8 | EPSS 0.00106
Exploits: 1 | References: 7
OSV
added 2019/08/24 12:0 a.m., 34 views

DSA-4508-1 h2o - security update

Bulletin has no description...

CVSS 7.8 | AI score 7.2 | EPSS 0.50822
Exploits: 1
OSV
added 2016/06/19 1:59 a.m., 2 views

CVE-2016-4817

lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packet...

CVSS 7.5 | AI score 8.2
Exploits: 0 | References: 4