474 matches found
CVE-2025-70829
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...
PT-2026-20266
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An information exposure issue exists in Datart version 1.0.0-rc.3. Authenticated attackers can potentially access sensitive data through a custom H2 JDBC connection string. The issue involves the potential...
SUSE: Security Advisory (SUSE-SU-2026:20187-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-h2 (moderate)
openSUSE security update: security update for python-h2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20122-1 Rating: moderate References: bsc1248737 Cross-References: CVE-2025-57804 CVSS scores: CVE-2025-57804 SUSE : 5.3...
OPENSUSE-SU-2026:20122-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...
SUSE-SU-2026:20187-1 Security update for python-h2
This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...
CVE-2025-66913
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...
CVE-2022-42467
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2025-66913
JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...
PT-2026-1866
Name of the Vulnerable Software and Affected Versions JimuReport versions through 2.1.3 Description The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application directly passes the attacker-controlled JDBC URL to the H2 driver, enabling the use of...
Fedora: Security Advisory (FEDORA-2025-8628ba80b1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-62420
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
CVE-2025-62420
Summary: DataEase (versions up to 2.10.13) contains a JDBC driver bypass vulnerability in the H2 database connection handler. The getJdbc function in H2.java uses the jdbcUrl starting with jdbc:h2 but returns a separate jdbc field as the actual connection URL, allowing an authenticated attacker t...
CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
EUVD-2025-34918
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
October 14, 2025-KB5066747 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2
None None...
Description of the security update for SharePoint Server Subscription Edition: October 14, 2025 (KB5002786)
None None...