Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25711

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.08217EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/15 4:12 p.m.12 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

8.7CVSS0.00758EPSS
Exploits1References2
CVE
CVE
added 2025/09/15 4:12 p.m.26 views

CVE-2025-58748

CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2 . This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...

9.8CVSS7.4AI score0.00758EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/09/15 4:4 p.m.21 views

CVE-2025-58046

Dataease CVE-2025-58046 affects the Impala data source in versions up to 2.10.12 due to insufficient filtering in getJdbc. An attacker can craft a JDBC connection string that triggers JNDI injection and RMI deserialization, enabling remote command execution. Remediation is to upgrade to 2.10.13 o...

9.8CVSS8.2AI score0.01303EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/20 12:0 a.m.4 views

PT-2024-5352 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3 Argo CD versions prior to 2.10.12 Argo CD versions prior to 2.9.17 Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate...

4.3CVSS7AI score0.00408EPSS
Exploits0References16
PyPA
PyPA
added 2010/09/08 8:0 p.m.7 views

PYSEC-2010-32

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service crash of worker threads via vectors that trigger uncaught exceptions...

4.3CVSS6.8AI score0.01528EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder