
702 matches found

NVD
added 2025/04/23 4:15 p.m. · 17 views

CVE-2025-32966

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8...

9.8 CVSS · 0.03925 EPSS
Exploits 1 · References 1

Cvelist
added 2025/04/23 3:21 p.m. · 17 views

CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8...

9.2 CVSS · 0.03925 EPSS
Exploits 1 · References 1

CVE
added 2025/04/23 3:21 p.m. · 110 views

CVE-2025-32966

CVE-2025-32966 affects DataEase, an open-source BI tool. The vulnerability allows authenticated users to achieve remote code execution through the backend JDBC link in versions before 2.10.8. A fix is available in 2.10.8, addressing the RCE vector. Multiple connected sources (Red Hat, NVD, CVE li...

9.8 CVSS · 6.4 AI score · 0.03925 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2025/04/23 3:21 p.m. · 5 views

CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8...

9.2 CVSS · 6.3 AI score · 0.03925 EPSS
Exploits 1 · References 1

OSV
added 2025/04/23 3:21 p.m. · 3 views

CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8...

9.2 CVSS · 6.4 AI score · 0.03925 EPSS
Exploits 1 · References 3

CNNVD
added 2025/04/23 12:0 a.m. · 3 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.8 that...

9.8 CVSS · 7.5 AI score · 0.03925 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/04/23 12:0 a.m. · 3 views

PT-2025-17642 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.8 Description: The issue allows authenticated users to complete remote code execution RCE through the backend JDBC link. Recommendations: For versions prior to 2.10.8, update to version 2.10.8 to resolve the...

9.8 CVSS · 7 AI score · 0.03925 EPSS
Exploits 1 · References 8

Packet Storm
added 2025/04/07 12:0 a.m. · 231 views

📄 DataEase 2.4.0 Information Disclosure

DataEase version 2.4.0 suffers from a database configuration information disclosure vulnerability. - Exploit Title: DataEase Database Creds Extractor - Shodan Dork: http.html:"dataease" - FOFA Dork: body="dataease" && title=="DataEase" - Exploit Author: ByteHunter - Email: [email protected] ...

5.3 CVSS · 5.2 AI score · 0.16 EPSS
Exploits 2

Exploit DB
added 2025/04/06 12:0 a.m. · 348 views

DataEase 2.4.0 - Database Configuration Information Exposure

Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure Shodan Dork: http.html:"dataease" FOFA Dork: body="dataease" && title=="DataEase" Exploit Author: ByteHunter Email: [email protected] vulnerable Versions: 2.4.0-2.5.0 Tested on: 2.4.0 CVE : CVE-2024-30269 import...

5.3 CVSS · 5.4 AI score · 0.16 EPSS
Exploits 2

RedhatCVE
added 2025/03/15 5:8 p.m. · 12 views

CVE-2025-27138

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

9.8 CVSS · 7.1 AI score · 0.00542 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/03/15 5:8 p.m. · 22 views

CVE-2025-27103

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

8.6 CVSS · 6.9 AI score · 0.01032 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/03/15 5:7 p.m. · 7 views

CVE-2025-24974

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

8.6 CVSS · 6.9 AI score · 0.00361 EPSS
Exploits 1 · References 1

NVD
added 2025/03/13 5:15 p.m. · 17 views

CVE-2025-27138

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

9.8 CVSS · 0.00542 EPSS
Exploits 1 · References 1

NVD
added 2025/03/13 5:15 p.m. · 10 views

CVE-2025-24974

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available...

8.6 CVSS · 0.00361 EPSS
Exploits 1 · References 1

NVD
added 2025/03/13 5:15 p.m. · 15 views

CVE-2025-27103

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...

8.6 CVSS · 0.00424 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/03/13 4:49 p.m. · 7 views

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

8.7 CVSS · 6.6 AI score · 0.00542 EPSS
Exploits 1 · References 1

OSV
added 2025/03/13 4:49 p.m. · 10 views

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

8.7 CVSS · 7 AI score · 0.00542 EPSS
Exploits 1 · References 3

CVE
added 2025/03/13 4:49 p.m. · 54 views

CVE-2025-27138

DataEase (open source BI/dashboard) before version 2.10.6 contains an authentication flaw in the io.dataease.auth.filter.TokenFilter class that may allow unauthorized access. The issue is confirmed across multiple sources and is resolved in v2.10.6. The vulnerability description does not provide ...

9.8 CVSS · 6.6 AI score · 0.00542 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/03/13 4:49 p.m. · 20 views

CVE-2025-27138 DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known...

8.7 CVSS · 0.00542 EPSS
Exploits 1 · References 1

CVE
added 2025/03/13 4:44 p.m. · 72 views

CVE-2025-27103

Summary (CVE-2025-27103) DataEase (open source BI tool) prior to v2.10.6 is affected by a bypass of the patch for CVE-2024-55953 that allows authenticated users to read and deserialize arbitrary files via the background JDBC connection. The issue arises from the unfiltered JDBC connection string ...

8.6 CVSS · 6.3 AI score · 0.00424 EPSS
Exploits 1 · References 1 · Affected Software 1