Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

RedhatCVE
RedhatCVEadded 2025/03/22 11:44 a.m.8 views

CVE-2024-6854

In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a...

7.1CVSS6.7AI score0.00107EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2024/12/16 12:0 a.m.11 views

H2O-3 Arbitrary File Overwrite (CVE-2024-6854)

An arbitrary file overwrite vulnerability exists in H2O-3. The endpoint that allows for exporting models & does not limit where models can be exported to. As such an attacker can export a model to any file in the server file structure, overwriting it, by simply using the force flag. Note that...

7.1CVSS7.1AI score0.00107EPSS
Exploits1References3
Rows per page
Query Builder