Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 18+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
High
DataEase v2.10.21 Security Update: Fixes SQLi, Arbitrary File Read, Auth Bypass
github.com · 2026-04-18
DataEase < v2.10.21
Read more
High
DataEase SQL Injection Vulnerability (CVE-2025-33083) Analysis and POC
CVE-2025-33083 · github.com · 2026-04-18
DataEase <2.10.21
Read more
High
Dataease GHSA-944x-93jf-h3rx Arbitrary File Read via JDBC Parameter Bypass and POC
GHSA-944x-93jf-h3rx · github.com · 2026-04-18
dataease < 2.10.21
Read more
Critical
DataEase Deserialization RCE via Quartz and Commons-Collections POC
github.com · 2026-04-18
DataEase <= 2.10.21
Read more
Critical
DataEase CVE-2024-40900 SQL Injection via Stacked Queries with POC
CVE-2024-40900 · github.com · 2026-04-18
DataEase < 2.10.21
Read more
High
DataEase getTextField SQL Injection Vulnerability and POC
github.com · 2026-04-18
DataEase < 2.10.21
Read more
Critical
DataEase v2.10.20 SQL Injection in getFieldEnumObj Endpoint
github.com · 2026-04-18
DataEase <2.10.21
Read more
High
DataEase SQLBot AI Model Management API Broken Function Level Authorization (CWE-285)
github.com · 2026-03-02
SQLBot <= v1.3.0
Read more
High
DataEase DB2 JNDI Injection Vulnerability (CVE-2025-64428) Bypass Analysis
CVE-2025-64428 · github.com · 2025-11-21
DataEase <= 2.10.16
Read more
DataEase DB2 SSRF Vulnerability (CVE-2025-64163) with Exploit PoC
github.com · 2025-11-06

## DataEase DB2 SSRF Vulnerability ### Package - Maven: io.dataease (Maven) ### Affected Versions - <= 2.10.14 ### Patched Versions - 2.10.15 ### Severity - High ### CVE ID - CVE-2025-64163 ### Descri…

Read more
Fix: JDBC URL Parameter Injection in Db2/Impala Drivers
github.com · 2025-09-16

From this webpage screenshot, the following key vulnerability-related information can be obtained: - **Vulnerability Fixed**: The commit message states “Fix: 修复漏洞” (Fix: Fix vulnerability), indicating…

Read more
DataEase SQL Injection Vulnerability Fix Analysis
github.com · 2025-08-27

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Vulnerability Type**: SQL Injection (SQLi) - **Remediation Measures**: - Added input parameter …

Read more
DataEase JDBC Connection Parameter Bypass Vulnerability (CVE-2023-28065) Analysis
github.com · 2025-07-06

### Key Information #### Vulnerability Name DataEase PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability #### Affected Scope - **Affected Versions**: <= 2.10.10 - **Fixed…

Read more
DataEase H2 JDBC Deserialization RCE Vulnerability (CVE-2021-42392) Analysis
github.com · 2025-07-06

From this webpage screenshot, the following key information about the vulnerability can be obtained: ### Vulnerability Overview - **Vulnerability Name**: Dataease H2 JDBC Connection Remote Code Execut…

Read more
DataEase Redshift SSRF Fix: Blocking socketFactory Parameters
github.com · 2025-06-05

From this webpage screenshot, the following key information about the vulnerability can be obtained: - **Submission Details**: - Submission ID: `03b18db` - Submitters: `jinlong-T` and `tjlydx` - Submi…

Read more
DataEase CVE-2023-47153 Arbitrary File Read via JDBC
github.com · 2025-06-05

### Key Information #### Vulnerability Description - **Vulnerability Name**: DataEase Mysql JDBC Connection Parameters Not Verified Leads to Arbitrary File Read Vulnerability - **CVE ID**: CVE-2023-47…

Read more
DataEase JWT Signature Verification Bypass (<=2.10.1)
github.com · 2024-11-11

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability Description**: - **Impact**: Due to the lack of JWT token signature verification…

Read more
DataEase Fix for Illegal Parameter Injection in PostgreSQL JDBC Connection String
github.com · 2024-10-12

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Code Changes**: - The code changes occurred in the file `core/backend/src/main/java/io/dataease…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.