Lucene search
+L

209 matches found

Vulnrichment
Vulnrichment
added 2025/07/02 2:22 p.m.4 views

CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...

9.3CVSS6.4AI score0.00543EPSS
Exploits1References1
NVD
NVD
added 2025/07/01 1:15 a.m.12 views

CVE-2025-53005

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

9.8CVSS0.00522EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-27634 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. The issue lies in parameters like sslfactory and sslfactoryarg, which have similar functionality to socketfactory an...

9.8CVSS7.1AI score0.00543EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.9 views

Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...

8.8CVSS9.3AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.8 views

HTACG HTML Tidy 安全漏洞

HTACG HTML Tidy is an open source HTML tool from HTML Tidy Advocacy Community Group. A security vulnerability exists in HTACG HTML Tidy version 5.8.0 due to a memory leak in the defaultAlloc function in the src/alloc.c file...

5.5CVSS4AI score0.00196EPSS
Exploits1References6
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

MAYA: Addressing Inconsistencies in Generative Password Guessing through a Unified Benchmark

Recent advances in generative models have led to their application in password guessing, with the aim of replicating the complexity, structure, and patterns of human-created passwords. Despite their potential, inconsistencies and inadequate evaluation methodologies in prior research have hindered...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/05 9:18 p.m.33 views

CVE-2025-49002

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.8CVSS6.7AI score0.43192EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/06/05 7:16 p.m.27 views

CVE-2025-48998

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.8CVSS6.6AI score0.00439EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/06/03 8:37 p.m.6 views

CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.2CVSS6.3AI score0.43192EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/06/03 8:33 p.m.111 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

8.7CVSS0.21265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:39 a.m.12 views

CVE-2025-24025

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.380, the tags page allows users to search for tags. If the search does not return any results, the query gets reflected on the error modal, which leads to cross-site...

6.1CVSS6.5AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.12 views

CVE-2024-55953

DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised ...

8.6CVSS6.4AI score0.01053EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.10 views

CVE-2023-37257

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds...

5.4CVSS6AI score0.00374EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.11 views

CVE-2023-40183

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

7.5CVSS6.8AI score0.00636EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/05/19 12:0 a.m.9 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2025-1551)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS4.9AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.7 views

Checkmate 安全漏洞

Checkmate is an open source, self-hosted tool from BlueWave Open Source designed to track and monitor server hardware, uptime, response time and events in real-time with beautiful visualizations. A security vulnerability exists in Checkmate versions prior to 2.1 that stems from unrestricted acces...

5CVSS6.2AI score0.00295EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.7 views

Retrieval-based-Voice-Conversion-WebUI 代码注入漏洞

Retrieval-based-Voice-Conversion-WebUI is an open source voice training modeling tool from RVC-Project. A code injection vulnerability exists in Retrieval-based-Voice-Conversion-WebUI version 2.2.231006 and earlier, which stems from improper handling of the ckptpath2 variable and could lead to...

9.8CVSS8.2AI score0.00799EPSS
Exploits0References5
CVE
CVE
added 2025/05/01 5:20 p.m.62 views

CVE-2025-46566

DataEase CVE-2025-46566 affects the open-source BI tool; authenticated users could achieve RCE via the backend JDBC link due to validation issues in the JDBC path. The vulnerability is addressed in version 2.10.9, with Red Hat/OSV notes indicating a bypass risk before 2.10.10 and that 2.10.10 con...

9.8CVSS6.3AI score0.00615EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in versions prior to DataEase 2.10.9 , which...

9.8CVSS7.6AI score0.00615EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 8:58 p.m.18 views

CVE-2025-32966

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.8...

9.8CVSS6.7AI score0.04309EPSS
Exploits1References1
Rows per page
Query Builder