Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

147 matches found

Nuclei
Nucleiadded yesterday67 views

H2O ImportFiles - Local File Inclusion

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. id: CVE-2023-6038 info: name: H2O ImportFiles - Local File Inclusion author: danmcinerney,byt3bl33d3r severity: high description: | An attacker is able to read any file on the server hosting t...

9.3CVSS7.3AI score0.63282EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/05/18 7:59 p.m.6 views

CVE-2026-8752

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

6.9CVSS5.7AI score0.00081EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/18 7:59 p.m.5 views

CVE-2026-8750

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

7.5CVSS5.8AI score0.00013EPSS
Exploits0References1
NVD
NVDadded 2026/05/17 12:16 p.m.7 views

CVE-2026-8752

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

6.9CVSS0.00081EPSS
Exploits0References4
NVD
NVDadded 2026/05/17 12:16 p.m.6 views

CVE-2026-8751

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The...

9.8CVSS0.00038EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/17 11:45 a.m.34 views

CVE-2026-8752 h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

6.9CVSS0.00081EPSS
Exploits0References4
CVE
CVEadded 2026/05/17 11:30 a.m.12 views

CVE-2026-8751

Affected software: h2oai h2o-3 (versions before 7402). The issue lies in the JAR Handler component, specifically the importBinaryModel() function in h2o-core/src/main/java/hex/Model.java, where input manipulation can trigger deserialization. This enables remote exploitation, with the exploit publ...

9.8CVSS6.7AI score0.00038EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/17 11:30 a.m.8 views

EUVD-2026-30697

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The...

7.5CVSS6.7AI score0.00038EPSS
Exploits0References4
NVD
NVDadded 2026/05/17 11:16 a.m.4 views

CVE-2026-8750

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

7.5CVSS0.00013EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/17 10:45 a.m.34 views

CVE-2026-8750 h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS0.00013EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/17 10:45 a.m.6 views

EUVD-2026-30694

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS5.8AI score0.00013EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.8 views

PT-2026-41542

Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions prior to 7402 Description A weakness in the Rapids setproperty Primitive Handler allows remote attackers to bypass access controls. The issue resides in the exec function within the file...

6.9CVSS6.3AI score0.00081EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.4 views

PT-2026-41540

Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions prior to 7402 Description A remote information disclosure issue exists within the ImportFile API. The flaw is located in the importFiles function of the h2o-core/src/main/java/water/persist/PersistNFS.java file...

6.9CVSS6.1AI score0.00013EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.5 views

PT-2026-41541

Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions prior to 7402 Description A flaw in the JAR Handler component allows remote attackers to trigger deserialization by manipulating the importBinaryModel function within the h2o-core/src/main/java/hex/Model.java file...

7.5CVSS7.3AI score0.00038EPSS
Exploits0References6
EUVD
EUVDadded 2026/04/23 12:31 p.m.3 views

EUVD-2026-25205

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9CVSS6.8AI score0.00258EPSS
Exploits1References3
OSV
OSVadded 2026/04/23 12:31 p.m.1 views

GHSA-QMCV-HH7C-3M56 H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9CVSS6.8AI score0.00258EPSS
Exploits1References4
NVD
NVDadded 2026/04/23 10:16 a.m.1 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS0.00258EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/23 8:47 a.m.2 views

CVE-2026-3960 Remote Code Execution in h2oai/h2o-3

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9CVSS7.7AI score0.00258EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/23 8:47 a.m.29 views

CVE-2026-3960 Remote Code Execution in h2oai/h2o-3

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

5.9CVSS0.00258EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Databaseadded 2026/04/23 12:0 a.m.6 views

H2O-3 is Vulnerable to Code Injection

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

9.8CVSS7.5AI score0.00258EPSS
Exploits1References4
Rows per page
Query Builder