
    12 vulnerabilities found for h2o-3 by h2oai

    CVE-2026-8752 (GCVE-0-2026-8752)

    Vulnerability from nvd – Published: 2026-05-17 11:45 – Updated: 2026-05-18 14:39
    VLAI
    Title
    h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control
    Summary
    A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/364379 vdb-entry, technical-description
    https://vuldb.com/vuln/364379/cti signature, permissions-required
    https://vuldb.com/submit/810108 third-party-advisory
    https://vulnplus-note.wetolink.com/share/pyVa0GWPuAZE exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 7402
        cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*
    Credits
    vulnplusbot (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8752",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T14:38:58.874014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T14:39:10.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Rapids setproperty Primitive Handler"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "7402"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "vulnplusbot (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T11:45:11.583Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-364379 | h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/364379"
            },
            {
              "name": "VDB-364379 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/364379/cti"
            },
            {
              "name": "Submit #810108 | H2O-3 latest pre-auth logic flaw",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/810108"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://vulnplus-note.wetolink.com/share/pyVa0GWPuAZE"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-16T18:25:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8752",
        "datePublished": "2026-05-17T11:45:11.583Z",
        "dateReserved": "2026-05-16T16:20:47.483Z",
        "dateUpdated": "2026-05-18T14:39:10.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8751 (GCVE-0-2026-8751)

    Vulnerability from nvd – Published: 2026-05-17 11:30 – Updated: 2026-05-18 14:19
    VLAI
    Title
    h2oai h2o-3 JAR Model.java importBinaryModel deserialization
    Summary
    A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/364378 vdb-entry, technical-description
    https://vuldb.com/vuln/364378/cti signature, permissions-required
    https://vuldb.com/submit/810107 third-party-advisory
    https://vulnplus-note.wetolink.com/share/b5nsQg6EcsBS exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 7402
        cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*
    Credits
    vulnplusbot (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T14:19:11.478608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T14:19:22.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "JAR Handler"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "7402"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "vulnplusbot (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T11:30:10.692Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-364378 | h2oai h2o-3 JAR Model.java importBinaryModel deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/364378"
            },
            {
              "name": "VDB-364378 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/364378/cti"
            },
            {
              "name": "Submit #810107 | H2O-3 latest Pre-Auth Insecure Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/810107"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://vulnplus-note.wetolink.com/share/b5nsQg6EcsBS"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-16T18:25:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 JAR Model.java importBinaryModel deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8751",
        "datePublished": "2026-05-17T11:30:10.692Z",
        "dateReserved": "2026-05-16T16:20:44.883Z",
        "dateUpdated": "2026-05-18T14:19:22.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8750 (GCVE-0-2026-8750)

    Vulnerability from nvd – Published: 2026-05-17 10:45 – Updated: 2026-05-18 17:53
    VLAI
    Title
    h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure
    Summary
    A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/364377 vdb-entry, technical-description
    https://vuldb.com/vuln/364377/cti signature, permissions-required
    https://vuldb.com/submit/810105 third-party-advisory
    https://vulnplus-note.wetolink.com/share/wWjmsfKHRJi3 exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 7402
        cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*
    Credits
    vulnplusbot (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8750",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T17:11:10.715335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:53:03.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "ImportFile API"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "7402"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "vulnplusbot (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T10:45:10.231Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-364377 | h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/364377"
            },
            {
              "name": "VDB-364377 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/364377/cti"
            },
            {
              "name": "Submit #810105 | H2O-3 latest arbitrary local file disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/810105"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://vulnplus-note.wetolink.com/share/wWjmsfKHRJi3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-16T18:25:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8750",
        "datePublished": "2026-05-17T10:45:10.231Z",
        "dateReserved": "2026-05-16T16:20:42.111Z",
        "dateUpdated": "2026-05-18T17:53:03.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10769 (GCVE-0-2025-10769)

    Vulnerability from nvd – Published: 2025-09-21 09:33 – Updated: 2025-09-22 17:25
    VLAI
    Title
    h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization
    Summary
    A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 3.46.08
    Credits
    ez-lbz (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10769",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-22T17:25:34.976239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-22T17:25:38.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/51"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/51#issue-3391023368"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "H2 JDBC Driver"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.46.08"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ez-lbz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in h2oai h2o-3 up to 3.46.08 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /99/ImportSQLTable der Komponente H2 JDBC Driver. Durch die Manipulation des Arguments connection_url mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-21T09:33:19.679Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-325125 | h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.325125"
            },
            {
              "name": "VDB-325125 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.325125"
            },
            {
              "name": "Submit #649728 | h2oai h2o-3 \u003c=v3.46.08 Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.649728"
            },
            {
              "name": "Submit #649793 | h2oai h2o-3 3.46.0.7 Deserialization (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.649793"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/51"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/51#issue-3391023368"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-21T10:26:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10769",
        "datePublished": "2025-09-21T09:33:19.679Z",
        "dateReserved": "2025-09-21T08:16:09.091Z",
        "dateUpdated": "2025-09-22T17:25:38.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10768 (GCVE-0-2025-10768)

    Vulnerability from nvd – Published: 2025-09-21 09:33 – Updated: 2025-09-22 17:24
    VLAI
    Title
    h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization
    Summary
    A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.325124 vdb-entry, technical-description
    https://vuldb.com/?ctiid.325124 signature, permissions-required
    https://vuldb.com/?submit.649508 third-party-advisory
    https://github.com/ez-lbz/poc/issues/50 exploit, issue-tracking
    https://github.com/ez-lbz/poc/issues/50#issue-338… exploit, issue-tracking
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 3.46.08
    Credits
    ez-lbz (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10768",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-22T17:24:13.085698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-22T17:24:16.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/50#issue-3389830879"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/50"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "IBMDB2 JDBC Driver"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.46.08"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ez-lbz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in h2oai h2o-3 up to 3.46.08 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /99/ImportSQLTable der Komponente IBMDB2 JDBC Driver. Mit der Manipulation des Arguments connection_url mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-21T09:33:16.643Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-325124 | h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.325124"
            },
            {
              "name": "VDB-325124 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.325124"
            },
            {
              "name": "Submit #649508 | h2oai h2o-3 \u003c=v3.46.08 Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.649508"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/50"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/50#issue-3389830879"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-21T10:21:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10768",
        "datePublished": "2025-09-21T09:33:16.643Z",
        "dateReserved": "2025-09-21T08:16:05.733Z",
        "dateUpdated": "2025-09-22T17:24:16.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8862 (GCVE-0-2024-8862)

    Vulnerability from nvd – Published: 2024-09-14 19:31 – Updated: 2024-09-16 14:16
    VLAI
    Title
    h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization
    Summary
    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.277499 vdb-entry, technical-description
    https://vuldb.com/?ctiid.277499 signature, permissions-required
    https://vuldb.com/?submit.403200 third-party-advisory
    https://rumbling-slice-eb0.notion.site/Unauthenti… exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 3.46.0.4
    h2oai h2o-3 Affected: 3.46.0.4
        cpe:2.3:a:h2oai:h2o-3:3.46.0.4:*:*:*:*:*:*:*
    Credits
    aftersnow (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:h2oai:h2o-3:3.46.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "h2o-3",
                "vendor": "h2oai",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.46.0.4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8862",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:14:18.575549Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T14:16:28.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "JDBC Connection Handler"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.46.0.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "aftersnow (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in h2oai h2o-3 3.46.0.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion getConnectionSafe der Datei /dtale/chart-data/1 der Komponente JDBC Connection Handler. Mit der Manipulation des Arguments query mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-14T19:31:04.957Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-277499 | h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.277499"
            },
            {
              "name": "VDB-277499 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.277499"
            },
            {
              "name": "Submit #403200 | h2oai h2o-3 3.46.0.4 Unauthenticated Remote Code Execution via Unrestricted JDBC",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.403200"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-09-14T07:39:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8862",
        "datePublished": "2024-09-14T19:31:04.957Z",
        "dateReserved": "2024-09-14T05:34:17.828Z",
        "dateUpdated": "2024-09-16T14:16:28.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-8752 (GCVE-0-2026-8752)

    Vulnerability from cvelistv5 – Published: 2026-05-17 11:45 – Updated: 2026-05-18 14:39
    VLAI
    Title
    h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control
    Summary
    A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/364379 vdb-entry, technical-description
    https://vuldb.com/vuln/364379/cti signature, permissions-required
    https://vuldb.com/submit/810108 third-party-advisory
    https://vulnplus-note.wetolink.com/share/pyVa0GWPuAZE exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 7402
        cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*
    Credits
    vulnplusbot (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8752",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T14:38:58.874014Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T14:39:10.246Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Rapids setproperty Primitive Handler"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "7402"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "vulnplusbot (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T11:45:11.583Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-364379 | h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/364379"
            },
            {
              "name": "VDB-364379 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/364379/cti"
            },
            {
              "name": "Submit #810108 | H2O-3 latest pre-auth logic flaw",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/810108"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://vulnplus-note.wetolink.com/share/pyVa0GWPuAZE"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-16T18:25:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8752",
        "datePublished": "2026-05-17T11:45:11.583Z",
        "dateReserved": "2026-05-16T16:20:47.483Z",
        "dateUpdated": "2026-05-18T14:39:10.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8751 (GCVE-0-2026-8751)

    Vulnerability from cvelistv5 – Published: 2026-05-17 11:30 – Updated: 2026-05-18 14:19
    VLAI
    Title
    h2oai h2o-3 JAR Model.java importBinaryModel deserialization
    Summary
    A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/364378 vdb-entry, technical-description
    https://vuldb.com/vuln/364378/cti signature, permissions-required
    https://vuldb.com/submit/810107 third-party-advisory
    https://vulnplus-note.wetolink.com/share/b5nsQg6EcsBS exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 7402
        cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*
    Credits
    vulnplusbot (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T14:19:11.478608Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T14:19:22.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "JAR Handler"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "7402"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "vulnplusbot (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T11:30:10.692Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-364378 | h2oai h2o-3 JAR Model.java importBinaryModel deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/364378"
            },
            {
              "name": "VDB-364378 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/364378/cti"
            },
            {
              "name": "Submit #810107 | H2O-3 latest Pre-Auth Insecure Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/810107"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://vulnplus-note.wetolink.com/share/b5nsQg6EcsBS"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-16T18:25:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 JAR Model.java importBinaryModel deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8751",
        "datePublished": "2026-05-17T11:30:10.692Z",
        "dateReserved": "2026-05-16T16:20:44.883Z",
        "dateUpdated": "2026-05-18T14:19:22.677Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8750 (GCVE-0-2026-8750)

    Vulnerability from cvelistv5 – Published: 2026-05-17 10:45 – Updated: 2026-05-18 17:53
    VLAI
    Title
    h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure
    Summary
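    A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. (Note: the record gives the affected version as "7402" with a wildcard CPE, cpe:2.3:a:h2oai:h2o-3:*, which does not follow the four-part release numbering used for h2o-3 elsewhere on this page, for example 3.46.0.4, and it lists no fixed version. CPE-based matching will therefore flag every h2o-3 install, so confirm the exact affected range against the VulDB entry.)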
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/364377 vdb-entry, technical-description
    https://vuldb.com/vuln/364377/cti signature, permissions-required
    https://vuldb.com/submit/810105 third-party-advisory
    https://vulnplus-note.wetolink.com/share/wWjmsfKHRJi3 exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 7402
        cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*
    Credits
    vulnplusbot (VulDB User) VulDB CNA Team

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8750",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T17:11:10.715335Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:53:03.393Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "ImportFile API"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "7402"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "vulnplusbot (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-17T10:45:10.231Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-364377 | h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/364377"
            },
            {
              "name": "VDB-364377 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/364377/cti"
            },
            {
              "name": "Submit #810105 | H2O-3 latest arbitrary local file disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/810105"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://vulnplus-note.wetolink.com/share/wWjmsfKHRJi3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-16T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-16T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-16T18:25:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 ImportFile API PersistNFS.java importFiles information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8750",
        "datePublished": "2026-05-17T10:45:10.231Z",
        "dateReserved": "2026-05-16T16:20:42.111Z",
        "dateUpdated": "2026-05-18T17:53:03.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10769 (GCVE-0-2025-10769)

    Vulnerability from cvelistv5 – Published: 2025-09-21 09:33 – Updated: 2025-09-22 17:25
    VLAI
    Title
    h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization
    Summary
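    A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (Note: "3.46.08" is not in the four-part form used for h2o-3 releases elsewhere on this page, e.g. 3.46.0.7 in this record's duplicate submission and 3.46.0.4 in CVE-2024-8862. It presumably means 3.46.0.8, so normalise the version string before matching it against an inventory. The same string appears in CVE-2025-10768.)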
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 3.46.08
    Credits
    ez-lbz (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10769",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-22T17:25:34.976239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-22T17:25:38.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/51"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/51#issue-3391023368"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "H2 JDBC Driver"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.46.08"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ez-lbz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in h2oai h2o-3 up to 3.46.08 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /99/ImportSQLTable der Komponente H2 JDBC Driver. Durch die Manipulation des Arguments connection_url mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-21T09:33:19.679Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-325125 | h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.325125"
            },
            {
              "name": "VDB-325125 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.325125"
            },
            {
              "name": "Submit #649728 | h2oai h2o-3 \u003c=v3.46.08 Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.649728"
            },
            {
              "name": "Submit #649793 | h2oai h2o-3 3.46.0.7 Deserialization (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.649793"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/51"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/51#issue-3391023368"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://huntr.com/bounties/4066ce21-7148-44f5-8336-b1674c2f588d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-21T10:26:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 H2 JDBC Driver ImportSQLTable deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10769",
        "datePublished": "2025-09-21T09:33:19.679Z",
        "dateReserved": "2025-09-21T08:16:09.091Z",
        "dateUpdated": "2025-09-22T17:25:38.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10768 (GCVE-0-2025-10768)

    Vulnerability from cvelistv5 – Published: 2025-09-21 09:33 – Updated: 2025-09-22 17:24
    VLAI
    Title
    h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization
    Summary
    A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.325124 vdb-entry, technical-description
    https://vuldb.com/?ctiid.325124 signature, permissions-required
    https://vuldb.com/?submit.649508 third-party-advisory
    https://github.com/ez-lbz/poc/issues/50 exploit, issue-tracking
    https://github.com/ez-lbz/poc/issues/50#issue-3389830879 exploit, issue-tracking
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 3.46.08
    Credits
    ez-lbz (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10768",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-22T17:24:13.085698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-22T17:24:16.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/50#issue-3389830879"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/ez-lbz/poc/issues/50"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "IBMDB2 JDBC Driver"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.46.08"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ez-lbz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in h2oai h2o-3 up to 3.46.08 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /99/ImportSQLTable der Komponente IBMDB2 JDBC Driver. Mit der Manipulation des Arguments connection_url mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-21T09:33:16.643Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-325124 | h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.325124"
            },
            {
              "name": "VDB-325124 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.325124"
            },
            {
              "name": "Submit #649508 | h2oai h2o-3 \u003c=v3.46.08 Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.649508"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/50"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/ez-lbz/poc/issues/50#issue-3389830879"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-21T10:21:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 IBMDB2 JDBC Driver ImportSQLTable deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10768",
        "datePublished": "2025-09-21T09:33:16.643Z",
        "dateReserved": "2025-09-21T08:16:05.733Z",
        "dateUpdated": "2025-09-22T17:24:16.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-8862 (GCVE-0-2024-8862)

    Vulnerability from cvelistv5 – Published: 2024-09-14 19:31 – Updated: 2024-09-16 14:16
    VLAI
    Title
    h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization
    Summary
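    A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (Note: the path /dtale/chart-data/1 and the argument query do not obviously match the JDBC Connection Handler component named in the title, and the exploit reference URL is titled as a "Panda df query" issue while the VulDB submission (#403200) is titled "Unrestricted JDBC". Part of this description may have been carried over from a different advisory, so confirm the affected endpoint against the submission before building detections on the path. "Critical" is the assigner's own classification; the CVSS scores in the record are 6.9 MEDIUM (v4.0) and 7.3 HIGH (v3.1).)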
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.277499 vdb-entry, technical-description
    https://vuldb.com/?ctiid.277499 signature, permissions-required
    https://vuldb.com/?submit.403200 third-party-advisory
    https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4 exploit
    Impacted products
    Vendor Product Version
    h2oai h2o-3 Affected: 3.46.0.4
    h2oai h2o-3 Affected: 3.46.0.4
        cpe:2.3:a:h2oai:h2o-3:3.46.0.4:*:*:*:*:*:*:*
    Credits
    aftersnow (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:h2oai:h2o-3:3.46.0.4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "h2o-3",
                "vendor": "h2oai",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.46.0.4"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8862",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T14:14:18.575549Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T14:16:28.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "JDBC Connection Handler"
              ],
              "product": "h2o-3",
              "vendor": "h2oai",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.46.0.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "aftersnow (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in h2oai h2o-3 3.46.0.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion getConnectionSafe der Datei /dtale/chart-data/1 der Komponente JDBC Connection Handler. Mit der Manipulation des Arguments query mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-14T19:31:04.957Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-277499 | h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.277499"
            },
            {
              "name": "VDB-277499 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.277499"
            },
            {
              "name": "Submit #403200 | h2oai h2o-3 3.46.0.4 Unauthenticated Remote Code Execution via Unrestricted JDBC",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.403200"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Command-Execution-via-Panda-df-query-9dc40f0477ee4b65806de7921876c222?pvs=4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-09-14T07:39:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8862",
        "datePublished": "2024-09-14T19:31:04.957Z",
        "dateReserved": "2024-09-14T05:34:17.828Z",
        "dateUpdated": "2024-09-16T14:16:28.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }