1036 matches found
EUVD-2024-0834
Malicious code in bioql PyPI...
EUVD-2025-29205
Malicious code in bioql PyPI...
EUVD-2025-29201
Malicious code in bioql PyPI...
EUVD-2025-28818
Malicious code in bioql PyPI...
EUVD-2025-24024
Malicious code in bioql PyPI...
EUVD-2024-1473
Malicious code in bioql PyPI...
EUVD-2023-2626
Malicious code in bioql PyPI...
EUVD-2023-58048
Malicious code in bioql PyPI...
EUVD-2024-0960
Malicious code in bioql PyPI...
CVE-2024-52858
creationtimestamp| type| source ---|---|--- 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18 16:44:33+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764...
CVE-2024-39420
creationtimestamp| type| source ---|---|--- 2025-09-16 23:16:38+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764 2025-09-18 16:44:35+00:00| seen| MISP/be792712-f638-4d7d-b62d-4f5032e86764...
CVE-2025-58748
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
CVE-2025-58046
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
CVE-2025-58748
CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2 . This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...
CVE-2025-58046
Dataease CVE-2025-58046 affects the Impala data source in versions up to 2.10.12 due to insufficient filtering in getJdbc. An attacker can craft a JDBC connection string that triggers JNDI injection and RMI deserialization, enabling remote command execution. Remediation is to upgrade to 2.10.13 o...
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...
CVE-2025-9517
creationtimestamp| type| source ---|---|--- 2025-09-15 13:28:31+00:00| seen| MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f 2025-09-16 03:45:00+00:00| seen| MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f...
PT-2025-37721
Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Description: Dataease is an open source data analytics and visualization platform. The H2 data source implementation H2.java lacks validation to ensure that a provided JDBC URL begins with jdbc:h2. This allo...