Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

RedhatCVE
RedhatCVEadded 2025/08/30 6:17 p.m.3 views

CVE-2025-57773

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...

9.8CVSS7.2AI score0.00545EPSS
Exploits1References1
CVE
CVEadded 2025/08/25 4:42 p.m.22 views

CVE-2025-57773

CVE-2025-57773 affects DataEase prior to version 2.10.12, where unfiltered DB2 parameters enable a JNDI injection that triggers an AspectJWeaver deserialization attack, writing to files. The exploitation requires the presence of commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerabil...

9.8CVSS6.7AI score0.00545EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologiesadded 2025/08/25 12:0 a.m.3 views

PT-2025-34683

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12 Description: DataEase is an open source business intelligence and data visualization tool. Due to insufficient filtering of DB2 parameters, a JNDI injection attack can be launched, triggering an AspectJWeave...

9.8CVSS6.7AI score0.00545EPSS
Exploits1References12
Rows per page
Query Builder