56 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1219

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00055
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-19589

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.0049
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-16761

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.3 · EPSS 0.00598
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-6385

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.6 · EPSS 0.00646
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-6384

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.3 · EPSS 0.00049
Exploits: 1 · References: 1

RedhatCVE
added 2025/09/17 4:52 p.m. · 4 views

CVE-2025-58045

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVSS 9.8 · AI score 7.9 · EPSS 0.02537
Exploits: 1 · References: 1

Positive Technologies
added 2025/09/15 12:0 a.m. · 2 views

PT-2025-37720

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Dataease versions 2.10.12 and earlier Description: Dataease is a data visualization and analysis platform. Versions up to and including 2.10.12 are susceptible to remote code execution through the Impala dat...

CVSS 9.8 · AI score 8.2 · EPSS 0.01655
Exploits: 1 · References: 8

Cvelist
added 2025/08/03 10:2 a.m. · 7 views

CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

EPSS 0.01124
Exploits: 0 · References: 4

Vulnrichment
added 2025/07/02 2:22 p.m. · 3 views

CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...

CVSS 9.3 · AI score 6.4 · EPSS 0.00314
Exploits: 1 · References: 1

CVE
added 2025/07/01 12:33 a.m. · 25 views

CVE-2025-53005

DataEase (open source BI tool) is affected by CVE-2025-53005 prior to version 2.10.11 due to a bypass vulnerability in the PostgreSQL Data Source JDBC Connection Parameters. Specifically, the sslfactory and sslfactoryarg parameters could trigger the bypass. The issue has been fixed in version 2.1...

CVSS 9.8 · AI score 6.4 · EPSS 0.0049
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2025/06/30 8:18 p.m. · 25 views

CVE-2025-53004

DataEase (open source BI tool) prior to version 2.10.11 is affected by a bypass vulnerability in the Redshift Data Source JDBC Connection Parameters. The issue is triggered by the sslfactory and sslfactoryarg parameters, allowing bypass of security controls. A fix is available in version 2.10.11,...

CVSS 9.8 · AI score 6.4 · EPSS 0.0049
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/06/30 12:0 a.m. · 2 views

PT-2025-27412 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and...

CVSS 9.8 · AI score 7.1 · EPSS 0.0049
Exploits: 1 · References: 10

RedhatCVE
added 2025/06/05 7:16 p.m. · 20 views

CVE-2025-48998

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

CVSS 8.8 · AI score 6.6 · EPSS 0.00598
Exploits: 2 · References: 1

Vulnrichment
added 2025/06/03 8:31 p.m. · 9 views

CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability

DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...

CVSS 7.7 · AI score 6.3 · EPSS 0.00198
Exploits: 1 · References: 2

OSV
added 2025/06/03 6:27 p.m. · 3 views

CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

CVSS 8.6 · AI score 6.5 · EPSS 0.00598
Exploits: 1 · References: 4

CVE
added 2025/06/03 6:27 p.m. · 54 views

CVE-2025-48998

DataEase CVE-2025-48998: Affects DataEase prior to 2.10.6 where a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The issue has been fixed in v2.10.10; no public workarounds are documented. Connected...

CVSS 8.8 · AI score 6.3 · EPSS 0.00598
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23658 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 DataEase version 2.10.6 through 2.10.9 Description: The issue allows authenticated users to read and deserialize arbitrary files through the background JDBC connection due to a bypass of a previous patch...

CVSS 8.8 · AI score 6.4 · EPSS 0.00598
Exploits: 1 · References: 7

RedhatCVE
added 2025/05/23 10:34 a.m. · 10 views

CVE-2024-45537

Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...

CVSS 8.8 · AI score 6.2 · EPSS 0.79309
Exploits: 1

RedhatCVE
added 2025/05/23 7:41 a.m. · 5 views

CVE-2024-55952

DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as...

CVSS 8.8 · AI score 8.8 · EPSS 0.01369
Exploits: 1 · References: 1

Cvelist
added 2025/05/01 5:20 p.m. · 16 views

CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9...

CVSS 7.7 · EPSS 0.00352
Exploits: 1 · References: 1