Lucene search
+L

474 matches found

RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.10 views

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...

5.7CVSS5.5AI score0.00429EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.18 views

PT-2026-20266

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An information exposure issue exists in Datart version 1.0.0-rc.3. Authenticated attackers can potentially access sensitive data through a custom H2 JDBC connection string. The issue involves the potential...

5.7CVSS5.4AI score0.00429EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2026/02/05 12:0 a.m.4 views

SUSE: Security Advisory (SUSE-SU-2026:20187-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS5.4AI score0.01596EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/03 12:0 a.m.4 views

Security update for python-h2 (moderate)

openSUSE security update: security update for python-h2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20122-1 Rating: moderate References: bsc1248737 Cross-References: CVE-2025-57804 CVSS scores: CVE-2025-57804 SUSE : 5.3...

6.9CVSS5.4AI score0.01596EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 3:52 p.m.4 views

OPENSUSE-SU-2026:20122-1 Security update for python-h2

This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...

6.9CVSS7.1AI score0.01596EPSS
Exploits0References2
OSV
OSV
added 2026/01/28 3:47 p.m.2 views

SUSE-SU-2026:20187-1 Security update for python-h2

This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737...

6.9CVSS7.1AI score0.01596EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.20 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

9.8CVSS8.7AI score0.00944EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.16 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3CVSS6.8AI score0.01198EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.17 views

CVE-2022-31764

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...

8.5CVSS6.7AI score0.00671EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 8:15 p.m.9 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

9.8CVSS0.00944EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.16 views

PT-2026-1866

Name of the Vulnerable Software and Affected Versions JimuReport versions through 2.1.3 Description The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application directly passes the attacker-controlled JDBC URL to the H2 driver, enabling the use of...

9.8CVSS7.2AI score0.00944EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-8628ba80b1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.8AI score0.00196EPSS
Exploits0References5
NVD
NVD
added 2025/10/17 6:15 p.m.7 views

CVE-2025-62420

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.8CVSS0.00936EPSS
Exploits1References2
CVE
CVE
added 2025/10/17 5:11 p.m.13 views

CVE-2025-62420

Summary: DataEase (versions up to 2.10.13) contains a JDBC driver bypass vulnerability in the H2 database connection handler. The getJdbc function in H2.java uses the jdbcUrl starting with jdbc:h2 but returns a separate jdbc field as the actual connection URL, allowing an authenticated attacker t...

8.8CVSS7.6AI score0.00936EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/10/17 5:11 p.m.14 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS0.00936EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/17 5:11 p.m.6 views

EUVD-2025-34918

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS7.5AI score0.00936EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/17 5:11 p.m.3 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS7.6AI score0.00936EPSS
Exploits1References2
OSV
OSV
added 2025/10/17 5:11 p.m.7 views

CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS8AI score0.00936EPSS
Exploits1References4
Microsoft KB
Microsoft KB
added 2025/10/14 2:0 p.m.41 views

October 14, 2025-KB5066747 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2

None None...

8.8CVSS6.7AI score0.02262EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2025/10/14 2:0 p.m.10 views

Description of the security update for SharePoint Server Subscription Edition: October 14, 2025 (KB5002786)

None None...

8.8CVSS7AI score0.02296EPSS
Exploits0
Rows per page
Query Builder