Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 2026/05/17 11:45 a.m.4 views

EUVD-2026-30699

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access...

6.9CVSS5.7AI score0.00081EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/17 11:30 a.m.1 views

CVE-2026-8751

A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The...

7.5CVSS6.7AI score0.00038EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/17 10:45 a.m.4 views

CVE-2026-8750

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

6.9CVSS5.8AI score0.00013EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/04/23 8:47 a.m.10 views

CVE-2026-3960

CVE-2026-3960 is a remote code execution in H2O-3 prior to 3.46.0.10 via the unauthenticated REST endpoint /99/ImportSQLTable. The issue stems from a MySQL-focused parameter blacklist that can be bypassed by switching the JDBC URL to a PostgreSQL URL (e.g., using socketFactory/socketFactoryArg pa...

9.8CVSS7.2AI score0.00258EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2026/02/02 11:16 a.m.2 views

CVE-2024-5986

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/09/23 10:25 a.m.4 views

CVE-2025-10768

A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connectionurl causes deserialization. The attack may be initiated remotely. The exploit has been...

6.5CVSS6.4AI score0.00095EPSS
Exploits0References1
NVD
NVDadded 2025/09/01 6:15 a.m.1 views

CVE-2025-6507

A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The vulnerability arises from the ability to...

9.8CVSS0.00469EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/06/06 12:0 a.m.1 views

PT-2024-36531 · H2O.Ai · H2O-3

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 version 3.40.0.4 Description: The issue is caused by an arbitrary system path lookup feature, allowing any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the problem resides in the...

5.3CVSS5.6AI score0.01231EPSS
Exploits1References8
Rows per page
Query Builder