Lucene search

9 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-29201

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.01606 EPSS
Exploits: 1 · References: 2
NVD
added 2025/09/15 5:15 p.m. · 3 views

CVE-2025-58748

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

9.8 CVSS · 0.01606 EPSS
Exploits: 1 · References: 2
Cvelist
added 2025/09/15 3:53 p.m. · 5 views

CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

7.1 CVSS · 0.02537 EPSS
Exploits: 1 · References: 2
RedhatCVE
added 2025/08/30 6:17 p.m. · 2 views

CVE-2025-57772

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...

9.8 CVSS · 6.8 AI score · 0.00315 EPSS
Exploits: 1 · References: 1
NVD
added 2025/08/25 5:15 p.m. · 3 views

CVE-2025-57772

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...

9.8 CVSS · 0.00315 EPSS
Exploits: 1 · References: 2
Cvelist
added 2025/08/25 5:0 p.m. · 6 views

CVE-2025-57772 Dataease H2 JDBC RCE Bypass

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's...

8.2 CVSS · 0.00315 EPSS
Exploits: 1 · References: 2
CVE
added 2024/06/06 3:9 p.m. · 57 views

CVE-2024-36106

Affected product: Argo CD (GitOps for Kubernetes). Vulnerability: Authenticated users may enumerate clusters by name via error messages and, if cluster names are known, enumerate project-scoped cluster names as well. Root cause / status: Information disclosure through verbose error messages. Impa...

4.3 CVSS · 4.2 AI score · 0.0064 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/06/06 12:0 a.m. · 11 views

PT-2024-5351 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3 Argo CD versions prior to 2.10.12 Argo CD versions prior to 2.9.17 Description: The issue is related to insufficient authentication procedures when handling the "/api/v1/settings" endpoint, allowing unauthoriz...

7.5 CVSS · 7 AI score · 0.80204 EPSS
Exploits: 0 · References: 16
PyPA
added 2010/09/08 8:0 p.m. · 2 views

PYSEC-2010-33

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service crash of worker threads via vectors that trigger uncaught exceptions...

4.3 CVSS · 5.8 AI score · 0.00895 EPSS
Exploits: 1 · References: 6