CVE-2025-64164

DataEase (open source data visualization tool) is affected in versions

CVE-2025-64164 DataEase is vulnerable to Oracle JNDI Injection

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection Java Naming and Directory Interface injection. This issue is fixed in version 2.10.15...

CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...

WordPress plugin PowerPack Pro for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress PowerPack Pro for Elementor plugin <= 2.10.14 - Contributor+ Privilege Escalation vulnerability

Contributor+ Privilege Escalation vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PowerPack Pro for Elementor versions = 2.10.14...