EUVD-2023-32126

Malicious code in bioql PyPI...

EUVD-2022-28411

Malicious code in bioql PyPI...

EUVD-2025-16790

Malicious code in bioql PyPI...

EUVD-2025-6384

Malicious code in bioql PyPI...

CVE-2025-49003

DataEase (H2) prior to version 2.10.11 is vulnerable to a Java character-conversion issue where certain characters (for example, ı -> I and ſ -> S) can be manipulated to trigger remote code execution. Affected component is the Java-based text/processing logic linked to the DataEase data vis...

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

CVE-2025-48998

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

CVE-2024-47074

DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java,...

CVE-2025-27103

Summary (CVE-2025-27103) DataEase (open source BI tool) prior to v2.10.6 is affected by a bypass of the patch for CVE-2024-55953 that allows authenticated users to read and deserialize arbitrary files via the background JDBC connection. The issue arises from the unfiltered JDBC connection string ...