323 matches found
CVE-2026-45535
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...
CVE-2026-46684
CVE-2026-46684 (DataEase) : Open-source data visualization tool DataEase prior to 2.10.23 is affected by an unauthorized command execution vulnerability. The issue stems from enterprise token handling where TokenFilter#doFilter() may pass X-DE-TOKEN values to TokenUtils.validate(), which only che...
CVE-2026-55647
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
PT-2026-56244
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...
PT-2026-56251
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...
PT-2026-56248
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description DataEase is an open source data visualization and analysis tool. The H2 database JDBC URL validation logic can be bypassed using special Unicode characters. This occurs because the case-conversion...
@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/ava (>=3.0.0 <=3.6.0-alpha.0) +18 more potentially affected by unknown CVE via @antv/color-schema (=0.2.3)
@antv/color-schema NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-schema and may be impacted: - @antv/auto-chart =2.0.0, =3.0.0, =3.0.0, =2.0.0, =5.1.5, =0.1.0, =2.0.4, =0.1.7, =1.0.0, =3.4.1-formant, =3.3.2-formant,...
[SECURITY] Fedora 44 Update: qt6-qtdatavis3d-6.10.3-1.fc44
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44
LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...
EUVD-2026-23291
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
EUVD-2026-23284
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...
CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
Apache Superset Security Bypass Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...
Data Visualization MCP Server 代码注入漏洞
The Data Visualization MCP Server is a context-based protocol server developed by Isaac Wasserman, designed for data visualization purposes. The Data Visualization MCP Server has a code injection vulnerability, which stems from incorrect handling of the vegalitespecification parameter, potentiall...
CVE-2021-41192
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
[SECURITY] Fedora 43 Update: duc-1.4.6-1.fc43
Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...
[SECURITY] Fedora 42 Update: qt5-qtdatavis3d-5.15.18-1.fc42
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
CVE-2025-64163
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
[SECURITY] Fedora 42 Update: qt6-qtdatavis3d-6.9.3-1.fc42
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
[SECURITY] Fedora 42 Update: LabPlot-2.12.1-11.fc42
LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...