Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20267

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description A Server-Side Template Injection SSTI flaw exists in the Freemarker template engine of Datart. Authenticated attackers can execute arbitrary code by injecting crafted Freemarker template syntax into the SQ...

9.9CVSS6.2AI score0.01002EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20265

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations Update to a newer...

8.8CVSS5.9AI score0.00478EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31018

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.03008EPSS
Exploits0References4
OSV
OSV
added 2025/09/24 4:15 p.m.9 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

9.8CVSS6.1AI score0.03008EPSS
Exploits0References3
NVD
NVD
added 2025/09/24 4:15 p.m.9 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

9.8CVSS0.03008EPSS
Exploits0References3
CVE
CVE
added 2025/09/24 12:0 a.m.25 views

CVE-2025-56819

Datart v1.0.0-rc.3 contains a remote code execution vulnerability (CVE-2025-56819) due to improper handling of the INIT connection parameter. The issue allows an unauthenticated, network-originated attacker to execute arbitrary code with high impact (CVE details indicate C:H/I:H/A:H under CVSS 3....

9.8CVSS7.6AI score0.03008EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.5 views

datart 安全漏洞

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from mishandling of configuration files and can lead to path traversal and remote code execution...

8.8CVSS7.6AI score0.01261EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/09/24 12:0 a.m.2 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

7.6AI score0.03008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.12 views

PT-2025-39288

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue allows a remote attacker to execute arbitrary code via the INIT connection parameter. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS7.4AI score0.03008EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/09/24 12:0 a.m.19 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

0.00582EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.4 views

datart 安全漏洞

datart is an open source data visualization open platform by running-elephant. A security vulnerability exists in datart version 1.0.0-rc.3, which stems from improper handling of the INIT connection parameter and could lead to the execution of arbitrary code...

9.8CVSS7AI score0.03008EPSS
Exploits0References4
Rows per page
Query Builder