MCP Server for Data Exploration 安全漏洞

MCP Server for Data Exploration is an MCP server for reading-plus-ai individual developers. A security vulnerability exists in MCP Data Science Server version 0.1.6 that stems from the safeeval function not restricting the builtins dictionary, which could lead to arbitrary code execution...

EUVD-2025-198042

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

Apache Superset SQL Injection Vulnerability (CNVD-2024-35190)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...

Apache Superset Resource Management Error Vulnerability (CNVD-2024-14775)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A resource management error vulnerability exists in Apache Superset versions 2.1.2 and earlier, 3.0.0, and 3.0.1, which stems from uncontrolled resource consumption by the application, and can be...

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2024-06442)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 3.0.3, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can ...

Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...

Apache Superset Elevation of Privilege Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain write access to all gauges in a dashboard via the Add Gauge function of Create...

Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...

Apache Superset Authorization Issues Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions have an authorization issue vulnerability that stems from incorrect authorization checks in SQLLab. An attacker can exploit the vulnerability to...

Apache Superset REST API Authorization Issues Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...

Apache Superset Unauthorized Access Vulnerability

Apache Superset is a Python language based development of open source fashionable data exploration and analysis and visualization of the reporting platform , support for rich data sources , and has a colorful visualization of the charts to choose from . An unauthorized access vulnerability exists...

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)

An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...

WEKA INTEREST Security Scanner 安全漏洞

WEKA INTEREST Security Scanner is a commonly used software for data exploration by the University of Waikato team in New Zealand. A security vulnerability exists in WEKA INTEREST Security Scanner version 1.8 LAN Viewer, which results in a denial of service when unknown input is used in certain...

Apache Superset Information Disclosure Vulnerability (CNVD-2022-14706)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that originates from errors such as configuration during operation of a networked system or product. An attacker could exploit...

Apache Superset Code Injection Vulnerability

A code injection vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, prior to version 1.3.2, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could exploi...

Apache Superset has an unspecified vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...

Apache Superset Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration

Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...