35 matches found

Cvelist
added 2026/05/08 6:36 p.m., 26 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

CVSS 9.2, EPSS 0.00029
Exploits 0, References 3

Positive Technologies
added 2026/05/08 12:00 a.m., 8 views

PT-2026-39186

Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver versions prior to 2.2.2. Description: An issue allows the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. An actor capable of influencing the connection URL could potential...

CVSS 9.2, AI score 6.1, EPSS 0.00029
Exploits 0, References 16

RedhatCVE
added 2026/01/09 12:30 p.m., 8 views

CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 6.5, AI score 6.6, EPSS 0.01261
Exploits 0, References 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-30378

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00167
Exploits 1, References 8

Snyk
added 2025/09/21 10:41 a.m., 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ImportSQLTable process of the IBMDB2 JDBC Driver component when handling the connectionurl argument. An attacker can execute arbitrary code by supplying crafted serialized data remotely. Details...

CVSS 9.8, AI score 7, EPSS 0.00118
Exploits 0, References 2

CVE
added 2025/09/21 9:33 a.m., 15 views

CVE-2025-10769

CVE-2025-10769 affects h2oai h2o-3 up to 3.46.08 via the H2 JDBC Driver, specifically the /99/ImportSQLTable file. The vulnerability arises from manipulation of the connection_url argument, which leads to deserialization. Reports indicate the attack may be launched remotely and that the exploit h...

CVSS 9.8, AI score 6.3, EPSS 0.00167
Exploits 1, References 7, Affected Software 1

Positive Technologies
added 2025/09/21 12:00 a.m., 4 views

PT-2025-38663

Name of the Vulnerable Software and Affected Versions: h2oai h2o-3 versions through 3.46.08. Description: A vulnerability exists in h2oai h2o-3 up to version 3.46.08, specifically within the H2 JDBC Driver component. The issue involves the manipulation of the connection url argument in the...

CVSS 6.5, AI score 6, EPSS 0.00167
Exploits 1, References 10

CNNVD
added 2025/09/21 12:00 a.m., 3 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O 3.46.08 and earlier versions, which stems from a deserialization operation of the parameter connectionurl in the file /99/ImportSQLTable, which could lead to a...

CVSS 9.8, AI score 6.4, EPSS 0.00118
Exploits 0, References 6

CNNVD
added 2025/09/21 12:00 a.m., 2 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O 3.46.08 and earlier versions, which stems from an incorrect manipulation of the parameter connectionurl in the file /99/ImportSQLTable in the H2 JDBC Driver...

CVSS 9.8, AI score 6.3, EPSS 0.00167
Exploits 1, References 8

RedHat Linux
added 2024/09/09 4:02 p.m., 3 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

CVSS 2.7, AI score 5.7, EPSS 0.00093
Exploits 0, References 4

RedHat Linux
added 2024/09/09 4:01 p.m., 3 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

CVSS 2.7, AI score 5.7, EPSS 0.00093
Exploits 0, References 4

RedHat Linux
added 2024/09/09 3:58 p.m., 3 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

CVSS 2.7, AI score 5.7, EPSS 0.00093
Exploits 0, References 4

Snyk
added 2024/09/06 6:31 p.m., 1 view

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ImportSQLTable process when an attacker submits a JSON document containing a crafted connectionurl property. An attacker can execute arbitrary commands and read files by supplying a malicious JD...

CVSS 9.3, AI score 8, EPSS 0.00106
Exploits 1, References 2

OSV
added 2024/09/06 6:31 p.m., 1 view

GHSA-HRMC-JMP7-MPM2 H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

CVSS 9.1, AI score 7.1, EPSS 0.00106
Exploits 1, References 8

NVD
added 2024/09/06 4:15 p.m., 7 views

CVE-2024-45758

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

CVSS 9.1, EPSS 0.00106
Exploits 1, References 2

Cvelist
added 2024/09/06 12:00 a.m., 12 views

CVE-2024-45758

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...

EPSS 0.00106
Exploits 1, References 2

OSV
added 2024/06/21 3:52 p.m., 1 view

GHSA-C25H-C27Q-5QPV Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact: The LDAP testing endpoint allows changing the Connection URL independently of, and without having to re-enter, the currently configured LDAP bind credentials. An attacker with admin access permission manage-realm can change the LDAP host URL "Connection URL" to a machine they control. The...

CVSS 2.7, AI score 5.9, EPSS 0.00093
Exploits 0, References 9

Veracode
added 2024/06/19 5:56 a.m., 43 views

Credential Leakage

org.keycloak, keycloak-core is vulnerable to Credential Leakage. The vulnerability is due to a lack of proper validation and enforcement when administrators change the LDAP Connection URL without requiring re-entry of the currently configured LDAP bind credentials. The vulnerability allows an...

CVSS 2.7, AI score 6.5, EPSS 0.00093
Exploits 0, References 11, Affected Software 1

OSV
added 2024/06/18 12:30 p.m., 1 view

GHSA-GMRM-8FX4-66X7 Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently...

CVSS 2.7, AI score 5.7, EPSS 0.00093
Exploits 0, References 11

ATTACKERKB
added 2024/06/18 12:15 p.m., 2 views

CVE-2024-5967

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

CVSS 2.7, AI score 5.7, EPSS 0.00093
Exploits 0, References 10, Affected Software 7