Lucene search
K

2734 matches found

CVE
CVE
added yesterday9 views

CVE-2026-46684

CVE-2026-46684 (DataEase) : Open-source data visualization tool DataEase prior to 2.10.23 is affected by an unauthorized command execution vulnerability. The issue stems from enterprise token handling where TokenFilter#doFilter() may pass X-DE-TOKEN values to TokenUtils.validate(), which only che...

9.5CVSS6.1AI score0.00024EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago102 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS6.1AI score0.16EPSS
Exploits2References3
NVD
NVD
added 2026/07/07 9:17 p.m.9 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56244

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...

8.7CVSS6.1AI score0.00285EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56251

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...

8.7CVSS6.2AI score0.00501EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56248

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description DataEase is an open source data visualization and analysis tool. The H2 database JDBC URL validation logic can be bypassed using special Unicode characters. This occurs because the case-conversion...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References11
OSV
OSV
added 2026/07/01 6:41 p.m.3 views

GHSA-GVPP-V77H-5W8G Cortex has Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR`

Untrusted Project Bootstrap Code Execution via CLAUDEPROJECTDIR Summary The Cortex MCP server neuro-cortex-memory treats the CLAUDEPROJECTDIR environment variable — automatically set by Claude Code to the currently open project directory — as a trusted Cortex developer checkout. When the...

8.5CVSS6.6AI score
Exploits0References3
OSV
OSV
added 2026/06/26 2:2 p.m.8 views

JLSEC-2026-633 vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6AI score0.0032EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39582

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS6.1AI score0.0032EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-22879

vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...

8.1CVSS0.0032EPSS
Exploits0References2
Wolfi
Wolfi
added 2026/06/18 2:36 p.m.16 views

GHSA-8RFP-98V4-MMR6 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

5.2AI score
Exploits0
Wolfi
Wolfi
added 2026/06/18 2:36 p.m.11 views

GHSA-GJ48-438W-JH9V vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

5.2AI score
Exploits0
Chainguard
Chainguard
added 2026/06/18 2:16 p.m.9 views

GHSA-GJ48-438W-JH9V vulnerabilities

Vulnerabilities for packages: label-studio, kubeflow-pipelines-visualization-server...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/18 2:16 p.m.11 views

GHSA-8RFP-98V4-MMR6 vulnerabilities

Vulnerabilities for packages: label-studio, kubeflow-pipelines-visualization-server...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS5.5AI score0.00244EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.9 views

Chromium: CVE-2026-10918 Use after free in Viz

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.4AI score0.00286EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Viz components after their release, which could allow remote attackers to achieve sandbox escape by...

8.3CVSS5.3AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 2026/05/21 12:16 p.m.27 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 10:44 a.m.7 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/21 10:44 a.m.51 views

CVE-2026-0393 CODESYS Visualization - Insufficiently Protected Credentials

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS0.00244EPSS
Exploits0References1
Rows per page
Query Builder