Skip to main content

Datart

5 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-70828 HIGH This Week

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]

Command Injection RCE Datart
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-70829 MEDIUM POC This Month

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string. [CVSS 5.7 MEDIUM]

Information Disclosure Datart
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-56816 HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Path Traversal Datart
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-56815 HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datart
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-56819 CRITICAL POC Act Now

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Datart
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2025-70828
EPSS 0% CVSS 8.8
HIGH This Week

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration [CVSS 8.8 HIGH]

Command Injection RCE Datart
NVD GitHub
CVE-2025-70829
EPSS 0% CVSS 5.7
MEDIUM POC This Month

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string. [CVSS 5.7 MEDIUM]

Information Disclosure Datart
NVD GitHub
CVE-2025-56816
EPSS 1% CVSS 8.8
HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Path Traversal +1
NVD GitHub
CVE-2025-56815
EPSS 0% CVSS 7.1
HIGH POC This Week

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datart
NVD GitHub
CVE-2025-56819
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Datart
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy