7.7
CVE-2025-27138 - DataEase has an improper authentication vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workaβ¦
7.8
CVE-2025-1432 - 3DM File Parsing Use-After-Free Vulnerability
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-1431 - SLDPRT File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-1430 - SLDPRT File Parsing Memory Corruption Vulnerability
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
0.0
CVE-2024-12858 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. *** Duplicate of CVE-2025-22880 ***
7.8
CVE-2025-1429 - MODEL File Parsing Heap-Based Buffer Overflow Vulnerability
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-1428 - CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2025-1427 - CATPRODUCT File Parsing Uninitialized Variable Vulnerability
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.3
CVE-2025-27103 - Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerabiβ¦
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. Noβ¦
7.3
CVE-2025-24974 - DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerabiβ¦
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available.