
1047 matches found

Circl
added 2025/09/16 11:16 p.m. | 4 views

CVE-2024-52858

creationtimestamp | type | source
---|---|---
2025-09-16 23:16:38+00:00 | seen | MISP/be792712-f638-4d7d-b62d-4f5032e86764
2025-09-18 16:44:33+00:00 | seen | MISP/be792712-f638-4d7d-b62d-4f5032e86764
...

CVSS 5.4 | AI score 5.1 | EPSS 0.00388
Exploits: 0

Circl
added 2025/09/16 11:16 p.m. | 5 views

CVE-2024-39420

creationtimestamp | type | source
---|---|---
2025-09-16 23:16:38+00:00 | seen | MISP/be792712-f638-4d7d-b62d-4f5032e86764
2025-09-18 16:44:35+00:00 | seen | MISP/be792712-f638-4d7d-b62d-4f5032e86764
...

CVSS 7 | AI score 6.5 | EPSS 0.03448
Exploits: 0

NVD
added 2025/09/15 5:15 p.m. | 4 views

CVE-2025-58748

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 9.8 | EPSS 0.00758
Exploits: 1 | References: 2

NVD
added 2025/09/15 4:15 p.m. | 3 views

CVE-2025-58046

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 9.8 | EPSS 0.01303
Exploits: 1 | References: 2

Cvelist
added 2025/09/15 4:12 p.m. | 10 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 8.7 | EPSS 0.00758
Exploits: 1 | References: 2

Vulnrichment
added 2025/09/15 4:12 p.m. | 5 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 8.7 | AI score 7.4 | EPSS 0.00758
Exploits: 1 | References: 2

CVE
added 2025/09/15 4:12 p.m. | 20 views

CVE-2025-58748

CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2. This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...

CVSS 9.8 | AI score 7.4 | EPSS 0.00758
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/09/15 4:4 p.m. | 18 views

CVE-2025-58046

Dataease CVE-2025-58046 affects the Impala data source in versions up to 2.10.12 due to insufficient filtering in getJdbc. An attacker can craft a JDBC connection string that triggers JNDI injection and RMI deserialization, enabling remote command execution. Remediation is to upgrade to 2.10.13 o...

CVSS 9.8 | AI score 8.2 | EPSS 0.01303
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/09/15 4:4 p.m. | 3 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 8.7 | AI score 8.4 | EPSS 0.01303
Exploits: 1 | References: 4

Circl
added 2025/09/15 1:28 p.m. | 3 views

CVE-2025-9517

creationtimestamp | type | source
---|---|---
2025-09-15 13:28:31+00:00 | seen | MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f
2025-09-16 03:45:00+00:00 | seen | MISP/acd0294c-4561-4286-a04e-5c02a1c67b1f
...

CVSS 7.2 | AI score 5.6 | EPSS 0.00568
Exploits: 0

Positive Technologies
added 2025/09/15 12:0 a.m. | 4 views

PT-2025-37721

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13
Description: Dataease is an open source data analytics and visualization platform. The H2 data source implementation H2.java lacks validation to ensure that a provided JDBC URL begins with jdbc:h2. This allo...

CVSS 9.8 | AI score 7.5 | EPSS 0.00758
Exploits: 1 | References: 7

CNNVD
added 2025/09/15 12:0 a.m. | 2 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in Dataease version 2.10.12 and earlier, which...

CVSS 9.8 | AI score 7.1 | EPSS 0.01303
Exploits: 1 | References: 2

CNNVD
added 2025/09/15 12:0 a.m. | 3 views

DataEase code issue vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase 2.10.12 and prior versions that...

CVSS 9.8 | AI score 7.7 | EPSS 0.00758
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-6322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associate...

CVSS 5.4 | AI score 5.6 | EPSS 0.00305
Exploits: 0 | References: 2

Circl
added 2025/09/09 8:51 p.m. | 3 views

CVE-2025-53651

creationtimestamp | type | source
---|---|---
2025-09-09 20:51:40+00:00 | seen | MISP/e0a0042d-e47b-4875-b781-99d4428af3c2
...

CVSS 6.3 | AI score 4.8 | EPSS 0.00413
Exploits: 0

Circl
added 2025/09/09 8:51 p.m. | 6 views

CVE-2025-30760

creationtimestamp | type | source
---|---|---
2025-09-09 20:51:36+00:00 | seen | MISP/e0a0042d-e47b-4875-b781-99d4428af3c2
...

CVSS 5.4 | AI score 7.5 | EPSS 0.0021
Exploits: 0

Microsoft CVE
added 2025/09/04 4:16 a.m. | 1 views

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.

...

CVSS 6.1 | AI score 7 | EPSS 0.00488
Exploits: 1

Tenable Nessus
added 2025/09/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-21702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or...

CVSS 6.5 | AI score 7.1 | EPSS 0.02359
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-1442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user with the permissions to create a data source can use Grafana API to create a data source with UID set to . Doing this will grant the user access to read,...

CVSS 8.8 | AI score 7 | EPSS 0.00802
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-14941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source...

CVSS 6.5 | AI score 6.6 | EPSS 0.01039
Exploits: 2 | References: 2