
702 matches found

EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2025-29201

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00758
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-29209

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00646
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-19180

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00808
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-2710

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00657
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-19595

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00522
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-52860

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00868
Exploits: 1 | References: 2
RedhatCVE
added 2025/09/17 4:52 p.m. | 30 views

CVE-2025-58046

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 9.8 | AI score 8.4 | EPSS 0.01303
Exploits: 1 | References: 1
RedhatCVE
added 2025/09/17 4:52 p.m. | 8 views

CVE-2025-58045

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVSS 9.8 | AI score 7.9 | EPSS 0.00646
Exploits: 1 | References: 1
RedhatCVE
added 2025/09/17 4:52 p.m. | 8 views

CVE-2025-58748

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 9.8 | AI score 7.7 | EPSS 0.00758
Exploits: 1 | References: 1
NVD
added 2025/09/15 5:15 p.m. | 4 views

CVE-2025-58748

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 9.8 | EPSS 0.00758
Exploits: 1 | References: 2
NVD
added 2025/09/15 4:15 p.m. | 3 views

CVE-2025-58046

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 9.8 | EPSS 0.01303
Exploits: 1 | References: 2
NVD
added 2025/09/15 4:15 p.m. | 6 views

CVE-2025-58045

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVSS 9.8 | EPSS 0.00646
Exploits: 1 | References: 2
Cvelist
added 2025/09/15 4:12 p.m. | 10 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 8.7 | EPSS 0.00758
Exploits: 1 | References: 2
Vulnrichment
added 2025/09/15 4:12 p.m. | 5 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 8.7 | AI score 7.4 | EPSS 0.00758
Exploits: 1 | References: 2
CVE
added 2025/09/15 4:12 p.m. | 22 views

CVE-2025-58748

CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2. This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...

CVSS 9.8 | AI score 7.4 | EPSS 0.00758
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/09/15 4:12 p.m. | 6 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 8.7 | AI score 7.7 | EPSS 0.00758
Exploits: 1 | References: 4
Vulnrichment
added 2025/09/15 4:04 p.m. | 2 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 8.7 | AI score 8.2 | EPSS 0.01303
Exploits: 1 | References: 2
OSV
added 2025/09/15 4:04 p.m. | 3 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 8.7 | AI score 8.4 | EPSS 0.01303
Exploits: 1 | References: 4
Cvelist
added 2025/09/15 4:04 p.m. | 7 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

CVSS 8.7 | EPSS 0.01303
Exploits: 1 | References: 2
CVE
added 2025/09/15 4:04 p.m. | 18 views

CVE-2025-58046

Dataease CVE-2025-58046 affects the Impala data source in versions up to 2.10.12 due to insufficient filtering in getJdbc. An attacker can craft a JDBC connection string that triggers JNDI injection and RMI deserialization, enabling remote command execution. Remediation is to upgrade to 2.10.13 o...

CVSS 9.8 | AI score 8.2 | EPSS 0.01303
Exploits: 1 | References: 2 | Affected Software: 1