Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-56511
CRITICAL CVSS 9.3
Find Similar
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause th
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authenticat
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may
CVE-2024-47073
CRITICAL CVSS 9.3
Find Similar
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of j
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filterin
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only b
Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns://
CVE-2024-52295
CRITICAL CVSS 9.3
Find Similar
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OI
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbi
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbit
Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI i
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. T
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysq
CVE-2026-32140
CRITICAL CVSS 9.3
Find Similar
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An at
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI
Page 1+ Next →