Lucene search
K

191 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-54255

Malicious code in bioql PyPI...

8.5CVSS6.5AI score0.00671EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-9649

Malicious code in bioql PyPI...

9.8CVSS5AI score0.00638EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7189

Malicious code in bioql PyPI...

8.4CVSS7.2AI score0.00301EPSS
Exploits1References9
Snyk
Snyk
added 2025/09/21 10:41 a.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ImportSQLTable process of the H2 JDBC Driver when handling the connectionurl argument. An attacker can execute arbitrary code by supplying crafted serialized data remotely. Details Serialization...

9.8CVSS7AI score0.00488EPSS
Exploits1References2
NVD
NVD
added 2025/09/21 10:15 a.m.6 views

CVE-2025-10769

A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connectionurl leads to deserialization. The attack may be launched remotely. The exploit has been disclos...

9.8CVSS0.00488EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-14335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their...

6.5CVSS6.6AI score0.13389EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-45868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specif...

8.4CVSS6.9AI score0.00301EPSS
Exploits1References2
NVD
NVD
added 2025/08/25 5:15 p.m.6 views

CVE-2025-57772

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...

9.8CVSS0.08217EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/25 5:0 p.m.3 views

CVE-2025-57772 Dataease H2 JDBC RCE Bypass

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...

8.2CVSS7.1AI score0.08217EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/03 8:37 p.m.6 views

CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.2CVSS6.3AI score0.43192EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.12 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS7.8AI score0.33478EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/05 4:44 p.m.17 views

CVE-2025-3164

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

9.8CVSS7.8AI score0.00638EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/03 3:31 p.m.9 views

CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

5.8CVSS7.7AI score0.00638EPSS
Exploits1References5
OSV
OSV
added 2025/04/03 3:31 p.m.6 views

CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

5.1CVSS5.6AI score0.00638EPSS
Exploits1References7
CVE
CVE
added 2025/04/03 3:31 p.m.53 views

CVE-2025-3164

Vulnerability details (CVE-2025-3164): Tencent Music Entertainment SuperSonic versions up to 0.9.8 contain a flaw in the H2 Database Connection Handler, specifically in the /api/semantic/database/testConnect function. The issue arises from the manipulation of an unknown functionality, leading to ...

9.8CVSS7.7AI score0.00638EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.8 views

PT-2025-14772 · Unknown +1 · H2 Database Connection Handler +1

Name of the Vulnerable Software and Affected Versions: Tencent Music Entertainment SuperSonic versions up to 0.9.8 Description: A critical issue affects some unknown functionality of the file "/api/semantic/database/testConnect" of the component H2 Database Connection Handler, leading to code...

9.8CVSS5AI score0.00638EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.4 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
NVD
NVD
added 2025/02/06 3:15 p.m.35 views

CVE-2022-31764

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...

8.5CVSS0.00671EPSS
Exploits0References1
CVE
CVE
added 2025/02/06 2:23 p.m.72 views

CVE-2022-31764

The CVE describes an RCE in Apache ShardingSphere ElasticJob-UI Lite UI, exploitable by constructing a special H2 JDBC URL. Affected versions are 3.0.1 and earlier; ElasticJob-UI 3.0.2 fixes the issue. The attack premise requires the attacker to have obtained the account credentials; without them...

8.5CVSS6.5AI score0.00671EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/06 2:23 p.m.8 views

CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...

6.8AI score0.00671EPSS
Exploits0References1
Rows per page
Query Builder