IKUS Rdiffweb allows an attacker with any valid or stolen access token to act as other users

IKUS Rdiffweb version 2.10.5 and below have an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify...

PT-2026-36909

Name of the Vulnerable Software and Affected Versions IKUS Rdiffweb versions prior to 2.10.6 Description An improper authorization flaw exists where the API fails to enforce binding between the authenticated subject and the targeted user or tenant. This allows an attacker possessing any valid or...

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

EUVD-2025-6385

Malicious code in bioql PyPI...

EUVD-2025-6377

Malicious code in bioql PyPI...

EUVD-2025-6384

Malicious code in bioql PyPI...

Akka 代码问题漏洞

Akka is an Akka open source expressive SDK and platform for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...

CVE-2023-52122

Cross-Site Request Forgery CSRF vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6...

CVE-2025-24974

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

CVE-2025-27138

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27103

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-24974

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27138

DataEase (open source BI/dashboard) before version 2.10.6 contains an authentication flaw in the io.dataease.auth.filter.TokenFilter class that may allow unauthorized access. The issue is confirmed across multiple sources and is resolved in v2.10.6. The vulnerability description does not provide ...

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

CVE-2025-24974 DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

CVE-2025-24974

CVE-2025-24974 affects DataEase (open source BI/data visualization tool). Prior to version 2.10.6, authenticated users could read and deserialize arbitrary files via the background JDBC connection. The issue has been fixed in v2.10.6. No public workarounds are documented. Impact is described as h...

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.6 prior to the existence of a security vulnerability , th...