9 matches found
CVE-2025-64428
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed...
CVE-2025-64164
DataEase (open source data visualization tool) is affected in versions
CVE-2025-57773
CVE-2025-57773 affects DataEase prior to version 2.10.12, where unfiltered DB2 parameters enable a JNDI injection that triggers an AspectJWeaver deserialization attack, writing to files. The exploitation requires the presence of commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerabil...
CVE-2025-57773 DataEase DB2 AspectJWeaver Deserialization Arbitrary File Write Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...
VulnCheck KEV: CVE-2025-70974
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...
CVE-2024-55551
An issue was discovered in Exasol JDBC driver before 24.2.1 2024-12-10. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...
CVE-2023-27867
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
It is an offensive tool for log4j2. The tool is a PoC exploit fo...
Jolokia agent JNDI injection vulnerability
Jolokia is an open source project that uses JSON over HTTP for remote JMX management; it provides JMX batch operations, security policies, etc. Jolokia agent is one of its agents. The proxy mode of Jolokia agent version 1.3.7 has a security vulnerability. Remote attackers can use this...