191 matches found
EUVD-2022-54255
Malicious code in bioql PyPI...
EUVD-2025-9649
Malicious code in bioql PyPI...
EUVD-2022-7189
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ImportSQLTable process of the H2 JDBC Driver when handling the connectionurl argument. An attacker can execute arbitrary code by supplying crafted serialized data remotely. Details Serialization...
CVE-2025-10769
A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connectionurl leads to deserialization. The attack may be launched remotely. The exploit has been disclos...
Linux Distros Unpatched Vulnerability : CVE-2018-14335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files outside of their...
Linux Distros Unpatched Vulnerability : CVE-2022-45868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specif...
CVE-2025-57772
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...
CVE-2025-57772 Dataease H2 JDBC RCE Bypass
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...
CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...
CVE-2020-13921
Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...
CVE-2025-3164
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...
CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...
CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...
CVE-2025-3164
Vulnerability details (CVE-2025-3164): Tencent Music Entertainment SuperSonic versions up to 0.9.8 contain a flaw in the H2 Database Connection Handler, specifically in the /api/semantic/database/testConnect function. The issue arises from the manipulation of an unknown functionality, leading to ...
PT-2025-14772 · Unknown +1 · H2 Database Connection Handler +1
Name of the Vulnerable Software and Affected Versions: Tencent Music Entertainment SuperSonic versions up to 0.9.8 Description: A critical issue affects some unknown functionality of the file "/api/semantic/database/testConnect" of the component H2 Database Connection Handler, leading to code...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31764
The CVE describes an RCE in Apache ShardingSphere ElasticJob-UI Lite UI, exploitable by constructing a special H2 JDBC URL. Affected versions are 3.0.1 and earlier; ElasticJob-UI 3.0.2 fixes the issue. The attack premise requires the attacker to have obtained the account credentials; without them...
CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...