CVE-2025-12740

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

CVE-2025-12740

CVE-2025-12740 affects Looker where a user with Developer role could create a DB2 database connection and, by manipulating LookML, cause Looker to execute a malicious command due to inadequate filtering of the IBM DB2 driver’s parameters. Concrete details across multiple sources confirm the vulne...

PT-2025-47897

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

EUVD-2025-30379

Malicious code in bioql PyPI...

CVE-2025-10768

A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...

CVE-2025-10768

CVE-2025-10768 affects h2oai h2o-3 up to version 3.46.08. The vulnerability is a deserialization flaw in an unknown function within the IBMDB2 JDBC Driver’s /99/ImportSQLTable, caused by manipulation of the connection_url argument. This enables remote exploitation and an exploit has been publishe...

PT-2025-38662

Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions through 3.46.08 Description A flaw exists in h2oai h2o-3, specifically in an unknown function within the /99/ImportSQLTable file of the IBMDB2 JDBC Driver component. Manipulation of the connection url argument can lead to...