Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-58748

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-15 Sep, 2025 | 16:12
Updated At-15 Sep, 2025 | 18:47
Rejected At-
Credits

Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon Redshift driver and leverages the socketFactory and socketFactoryArg parameters to invoke org.springframework.context.support.FileSystemXmlApplicationContext or ClassPathXmlApplicationContext with an attacker‑controlled remote XML resource, resulting in remote code execution. Versions up to and including 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to version 2.10.13 or later is the recommended remediation. No known workarounds exist.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:15 Sep, 2025 | 16:12
Updated At:15 Sep, 2025 | 18:47
Rejected At:
▼CVE Numbering Authority (CNA)
Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon Redshift driver and leverages the socketFactory and socketFactoryArg parameters to invoke org.springframework.context.support.FileSystemXmlApplicationContext or ClassPathXmlApplicationContext with an attacker‑controlled remote XML resource, resulting in remote code execution. Versions up to and including 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to version 2.10.13 or later is the recommended remediation. No known workarounds exist.

Affected Products
Vendor
DataEase (FIT2CLOUD Inc.)dataease
Product
dataease
Versions
Affected
  • < 2.10.13
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8
x_refsource_CONFIRM
https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4ef
x_refsource_MISC
Hyperlink: https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4ef
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:15 Sep, 2025 | 17:15
Updated At:19 Sep, 2025 | 19:31

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon Redshift driver and leverages the socketFactory and socketFactoryArg parameters to invoke org.springframework.context.support.FileSystemXmlApplicationContext or ClassPathXmlApplicationContext with an attacker‑controlled remote XML resource, resulting in remote code execution. Versions up to and including 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to version 2.10.13 or later is the recommended remediation. No known workarounds exist.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

DataEase (FIT2CLOUD Inc.)
dataease
>>dataease>>Versions before 2.10.13(exclusive)
cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-502Primarysecurity-advisories@github.com
CWE ID: CWE-502
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4efsecurity-advisories@github.com
Patch
https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8security-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/dataease/dataease/commit/23a45e72a7abc37d5680b0a7cf691b8df378d4ef
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/dataease/dataease/security/advisories/GHSA-23qw-9qrh-9rr8
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1035Records found

CVE-2025-58046
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-1.30% / 67.00%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 16:04
Updated-19 Sep, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct malicious JDBC connection strings that exploit JNDI injection and trigger RMI deserialization, ultimately enabling remote command execution. The vulnerability can be exploited by editing the data source and providing a crafted JDBC connection string that references a remote configuration file, leading to RMI-based deserialization attacks. This issue has been patched in version 2.10.13. It is recommended to upgrade to the latest version. No known workarounds exist for affected versions.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-57773
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-7.31% / 93.62%
||
7 Day CHG~0.00%
Published-25 Aug, 2025 | 16:42
Updated-03 Sep, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-33963
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.34% / 67.96%
||
7 Day CHG~0.00%
Published-01 Jun, 2023 | 15:09
Updated-08 Jan, 2025 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-39312
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 70.64%
||
7 Day CHG~0.00%
Published-25 Oct, 2022 | 00:00
Updated-22 Apr, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java`, the `MysqlConfiguration` class does not filter any parameters. If an attacker adds some parameters to a JDBC url and connects to a malicious mysql server, the attacker can trigger the mysql jdbc deserialization vulnerability. Through the deserialization vulnerability, the attacker can execute system commands and obtain server privileges. Version 1.15.2 contains a patch for this issue.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-64164
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.51% / 39.64%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 00:07
Updated-07 Nov, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase is vulnerable to Oracle JNDI Injection

Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection). This issue is fixed in version 2.10.15.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-47074
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.57% / 42.95%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 14:45
Updated-12 Nov, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability

DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfiguration class don't filter any parameters, directly concat user input. So, if the attacker adds some parameters in JDBC url, and connect to evil PG server, the attacker can trigger the PG jdbc deserialization vulnerability, and eventually the attacker can execute through the deserialization vulnerability system commands and obtain server privileges. The vulnerability has been fixed in v1.18.25.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-33084
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 18:14
Updated-20 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has SQL Injection through its getFieldEnumObj Endpoint

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the sorting metadata DTO, which is passed to Order2SQLObj where it is incorporated into the SQL ORDER BY clause without any whitelist validation, and then executed via CalciteProvider. An authenticated attacker can inject arbitrary SQL commands through the sort parameter, enabling time-based blind SQL injection. This issue has been fixed in version 2.10.21.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-33082
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.39%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 17:39
Updated-20 Apr, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase: SQL Injection in v2 Dataset Export

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2Str.transFilterTrees for SQL translation, where user-controlled values in "like" filter terms are directly concatenated into SQL fragments without sanitization. An attacker can inject arbitrary SQL commands by escaping the string literal in the filter value, enabling blind SQL injection through techniques such as time-based extraction of database information. This issue has been fixed in version 2.10.21.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-33121
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 18:16
Updated-20 Apr, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple string replacement without any sanitization or escaping of the table name. An authenticated attacker can inject arbitrary SQL commands by crafting a deTableName that breaks out of identifier quoting, enabling error-based SQL injection that can extract database information such as the MySQL version. This issue has been fixed in version 2.10.21.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-33083
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.33% / 24.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 17:52
Updated-20 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has SQL Injection in Order By Clause

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj class directly assigns the raw user-supplied orderDirection value into the SQL query without any validation or whitelist enforcement, and the value is rendered into the ORDER BY clause via StringTemplate before being executed against the database. An authenticated attacker can inject arbitrary SQL commands through the sorting direction field, enabling time-based blind data extraction and denial of service. This issue has been fixed in version 2.10.21.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-57772
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-8.22% / 94.20%
||
7 Day CHG~0.00%
Published-25 Aug, 2025 | 17:00
Updated-03 Sep, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease H2 JDBC RCE Bypass

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's filtering logic and returns the H2 JDBC URL, allowing the "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-58045
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.65% / 46.44%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 15:53
Updated-19 Sep, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not filtered, allowing attackers to exploit the DB2 JDBC connection string to trigger server-side request forgery (SSRF). In higher versions of Java, ldap deserialization (autoDeserialize) is disabled by default, preventing remote code execution, but SSRF remains exploitable. Versions up to 2.10.12 are affected. The issue is fixed in version 2.10.13. Updating to 2.10.13 or later is recommended. No known workarounds are documented aside from upgrading.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-53006
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.54% / 41.59%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 14:22
Updated-10 Jul, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference lies in that "sslfactory" and related parameters need to be triggered after establishing the connection. Other similar parameters include "sslhostnameverifier", "sslpasswordcallback", and "authenticationPluginClassName". This issue has been patched in 2.10.11.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-153
Improper Neutralization of Substitution Characters
CVE-2025-53004
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.52% / 40.48%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 20:18
Updated-10 Jul, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-153
Improper Neutralization of Substitution Characters
CVE-2025-49003
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.81% / 52.36%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 13:51
Updated-09 Jul, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease H2 JDBC Connection Remote Code Execution

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. The vulnerability has been fixed in v2.10.11. No known workarounds are available.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-153
Improper Neutralization of Substitution Characters
CVE-2025-49002
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-41.84% / 98.52%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 20:37
Updated-05 Jun, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-49001
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-19.39% / 97.02%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 20:33
Updated-05 Jun, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-287
Improper Authentication
CVE-2025-46566
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.59% / 44.06%
||
7 Day CHG~0.00%
Published-01 May, 2025 | 17:20
Updated-28 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dataease redshift JDBC Connection Remote Code Execution

DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2026-23958
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.47% / 37.63%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 01:42
Updated-17 Feb, 2026 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints that verify JWT tokens. The vulnerability has been fixed in v2.10.19. No known workarounds are available.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-37258
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.87% / 54.39%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 19:36
Updated-03 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has a SQL injection vulnerability that can bypass blacklists

DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-27138
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.54% / 41.57%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:49
Updated-21 Mar, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has an improper authentication vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33122
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.40% / 32.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 19:24
Updated-20 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has SQL Injection via Datasource Management

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from the user-submitted configuration is passed to DatasourceSyncManage.createEngineTable, where it is substituted into a CREATE TABLE statement template without any sanitization or identifier escaping. An authenticated attacker can inject arbitrary SQL commands by crafting a deTableName that breaks out of identifier quoting, enabling error-based SQL injection that can extract database information. This issue has been fixed in version 2.10.21.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-28437
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 54.73%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 23:43
Updated-19 Feb, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34113
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.24%
||
7 Day CHG+0.02%
Published-22 Jul, 2022 | 22:17
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

Action-Not Available
Vendor-n/aDataEase (FIT2CLOUD Inc.)
Product-dataeasen/a
CVE-2022-34115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 57.84%
||
7 Day CHG+0.02%
Published-22 Jul, 2022 | 22:16
Updated-03 Sep, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.

Action-Not Available
Vendor-n/aDataEase (FIT2CLOUD Inc.)
Product-dataeasen/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-64163
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-1.05% / 60.24%
||
7 Day CHG+0.09%
Published-05 Nov, 2025 | 23:52
Updated-07 Nov, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase's DB2 is vulnerable to SSRF

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-64428
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.9||HIGH
EPSS-0.51% / 39.49%
||
7 Day CHG~0.00%
Published-20 Nov, 2025 | 17:07
Updated-24 Nov, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase DB2 JNDI Vulnerability

Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-62422
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.46% / 36.90%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 17:11
Updated-24 Oct, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase SQL injection vulnerability

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in version 2.10.14. No known workarounds exist.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-56511
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-20.88% / 97.25%
||
7 Day CHG~0.00%
Published-10 Jan, 2025 | 15:19
Updated-20 Feb, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has an unauthorized vulnerability

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, ”request.getRequestURI“ is used to obtain the request URL, and it is passed to the "WhitelistUtils.match" method to determine whether the URL request is an interface that does not require authentication. The "match" method filters semicolons, but this is not enough. When users set "server.servlet.context-path" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CVE-2024-57707
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 48.73%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 00:00
Updated-28 Mar, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.

Action-Not Available
Vendor-n/aDataEase (FIT2CLOUD Inc.)
Product-dataeasen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-52295
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.83% / 53.18%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 15:49
Updated-20 Feb, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase has a forged JWT token vulnerability

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataeasedataease
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-46997
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.44% / 69.99%
||
7 Day CHG-0.01%
Published-23 Sep, 2024 | 15:14
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase's H2 datasource has a remote command execution risk

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-40901
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.63% / 45.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 20:57
Updated-20 Apr, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase: Quartz Deserialization → Remote Code Execution

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializes job data BLOBs from the qrtz_job_details table using ObjectInputStream with no deserialization filter or class allowlist. An authenticated attacker who can write to the Quartz job table, such as through the previously described SQL injection in previewSql, can replace a scheduled job's JOB_DATA with a malicious CommonsCollections6 gadget chain payload. When the Quartz cron trigger fires, the payload is deserialized and executes arbitrary commands as root inside the container, achieving full remote code execution. This issue has been fixed in version 2.10.21.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-62419
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.39% / 31.29%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 17:11
Updated-24 Oct, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE values are directly concatenated into the JDBC URL without filtering illegal parameters. This allows an attacker to inject a malicious JDBC string into the HOSTNAME field to bypass previously patched vulnerabilities CVE-2025-57773 and CVE-2025-58045. The vulnerability is fixed in version 2.10.14. No known workarounds exist.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-62420
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.92% / 55.77%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 17:11
Updated-24 Oct, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DataEase vulnerable to remote code execution via H2 JDBC driver bypass

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual connection URL. An attacker can provide a jdbcUrl that starts with jdbc:h2 while supplying a different jdbc field with an arbitrary JDBC driver and connection string. This allows an authenticated attacker to trigger arbitrary JDBC connections with malicious drivers, potentially leading to remote code execution. The vulnerability is fixed in version 2.10.14. No known workarounds exist.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-23328
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-1.21% / 64.75%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 15:40
Updated-08 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Dataease datasource exists deserialization and arbitrary file read vulnerability

Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java.` The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0.

Action-Not Available
Vendor-DataEase (FIT2CLOUD Inc.)
Product-dataeasedataeasedataease
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-30221
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.46% / 37.00%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 05:07
Updated-11 May, 2026 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.1.1.

Action-Not Available
Vendor-sunshinephotocartsunshinephotocart
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-20330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.64% / 94.45%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 03:35
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-global_lifecycle_management_opatchretail_sales_auditcommunications_contacts_serverprimavera_unifiercommunications_cloud_native_core_network_slice_selection_functiononcommand_api_servicescommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorsiebel_ui_frameworkcommunications_network_charging_and_controlactive_iq_unified_managerbanking_platformcommunications_instant_messaging_serverretail_merchandising_systemsnapcentersteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindtrace_file_analyzergoldengate_stream_analyticsretail_xstore_point_of_servicecustomer_management_and_segmentation_foundationcommunications_evolved_communications_application_servergoldengate_application_adaptersservice_level_managerjd_edwards_enterpriseone_toolsenterprise_manager_base_platformwebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-31094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.55% / 42.05%
||
7 Day CHG~0.00%
Published-31 Mar, 2024 | 18:03
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.

Action-Not Available
Vendor-Filter Custom Fields & Taxonomies Lightfilter_custom_fields_and_taxonomies_light
Product-Filter Custom Fields & Taxonomies Lightfilter_custom_fields_and_taxonomies_light
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-3070
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 63.22%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 20:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-jottlieb
Product-Last Viewed Posts by WPBeginner
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-28861
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 71.75%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 16:43
Updated-05 Dec, 2025 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.

Action-Not Available
Vendor-friendsofsymfony1FriendsOfSymfony1friends_of_symfony_project
Product-symfony1symfony1fosuserbundle
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-29847
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-52.91% / 98.84%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 01:09
Updated-17 Sep, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_managerEPMendpoint_manager
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-27604
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 59.74%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 00:00
Updated-27 Mar, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized.

Action-Not Available
Vendor-alldatan/a
Product-alldatan/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-28211
Matching Score-4
Assigner-Naver Corporation
ShareView Details
Matching Score-4
Assigner-Naver Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 51.99%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 04:49
Updated-07 May, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

Action-Not Available
Vendor-naverNAVERnaver
Product-ngrindernGrinderngrinder
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-28212
Matching Score-4
Assigner-Naver Corporation
ShareView Details
Matching Score-4
Assigner-Naver Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.38%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 04:49
Updated-07 May, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

Action-Not Available
Vendor-naverNAVERnaver
Product-ngrindernGrinderngrinder
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-26289
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 44.81%
||
7 Day CHG~0.00%
Published-27 May, 2024 | 07:01
Updated-04 Apr, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Inclusion Vulnerability in Multiple PMB Versions

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.

Action-Not Available
Vendor-sigbPMB Servicespmb_services
Product-pmbPMBpmb
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-25117
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.93% / 56.33%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 16:25
Updated-05 Feb, 2025 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
php-svg-lib lacks path validation on font through SVG inline styles

php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.

Action-Not Available
Vendor-dompdfdompdfdompdfThe PHP Group
Product-php-svg-libphpphp-svg-libphp-svg-lib
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2016-1000027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.26% / 98.11%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 00:00
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-spring_frameworkn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-20477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.03% / 91.22%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 03:09
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

Action-Not Available
Vendor-pyyamln/aFedora Project
Product-fedorapyyamln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 43.13%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 02:27
Updated-20 May, 2026 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Action-Not Available
Vendor-PixelYourSite
Product-Boost
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 20
  • 21
  • Next
Details not found