Lucene search
K

117 matches found

OSV
OSV
added 2025/06/30 8:18 p.m.5 views

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.3CVSS6.7AI score0.00522EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/06/30 8:18 p.m.13 views

CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.3CVSS0.00522EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.7 views

PT-2025-27412 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and...

9.8CVSS7.1AI score0.00522EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.4 views

PT-2025-27411 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's Redshift Data Source JDBC Connection Parameters. The sslfactory and...

9.8CVSS6.3AI score0.00522EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/06/28 2:7 p.m.6 views

CVE-2025-49003

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

9.8CVSS7.9AI score0.00808EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/26 1:51 p.m.13 views

CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threa...

9.3CVSS0.00808EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/05 9:18 p.m.27 views

CVE-2025-48999

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...

9.8CVSS6.7AI score0.06786EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/06/05 9:18 p.m.33 views

CVE-2025-49002

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.8CVSS6.7AI score0.43192EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/06/05 7:16 p.m.27 views

CVE-2025-48998

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.8CVSS6.6AI score0.00439EPSS
Exploits2References1
NVD
NVD
added 2025/06/03 9:15 p.m.36 views

CVE-2025-49001

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

9.8CVSS0.21265EPSS
Exploits0References1
NVD
NVD
added 2025/06/03 9:15 p.m.25 views

CVE-2025-49002

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.8CVSS0.43192EPSS
Exploits2References2
NVD
NVD
added 2025/06/03 9:15 p.m.17 views

CVE-2025-48999

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...

8.8CVSS0.06786EPSS
Exploits1References2
OSV
OSV
added 2025/06/03 8:37 p.m.5 views

CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.2CVSS6.5AI score0.43192EPSS
Exploits2References4
CVE
CVE
added 2025/06/03 8:37 p.m.127 views

CVE-2025-49002

DataEase (open source BI/visualization) contains a vulnerability in versions prior to 2.10.10 where a patch for CVE-2025-32966 can be bypassed due to case-insensitive handling, specifically when INIT and RUNSCRIPT are prohibited. The issue is fixed in v2.10.10. A GitHub exploit post (DataEase_Pos...

9.8CVSS7AI score0.43192EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2025/06/03 8:33 p.m.19 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

8.7CVSS6.8AI score0.21265EPSS
Exploits0References3
CVE
CVE
added 2025/06/03 8:33 p.m.112 views

CVE-2025-49001

DataEase (open source BI tool) prior to 2.10.10 is affected by an authentication bypass: secret verification does not take effect, allowing a JWT to be forged with any secret. Multiple sources confirm the issue and its fix in version 2.10.10. Remediation is to upgrade to 2.10.10 or later; no publ...

9.8CVSS7AI score0.21265EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/03 8:33 p.m.103 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

8.7CVSS0.21265EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/03 8:31 p.m.17 views

CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...

7.7CVSS0.06786EPSS
Exploits1References2
OSV
OSV
added 2025/06/03 6:27 p.m.6 views

CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.6CVSS6.5AI score0.00439EPSS
Exploits1References4
CVE
CVE
added 2025/06/03 6:27 p.m.67 views

CVE-2025-48998

DataEase CVE-2025-48998: Affects DataEase prior to 2.10.6 where a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The issue has been fixed in v2.10.10; no public workarounds are documented. Connected...

8.8CVSS6.3AI score0.00439EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder