5 matches found
CVE-2026-40899
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...
CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
📄 DataEase 2.4.0 Information Disclosure
DataEase version 2.4.0 suffers from a database configuration information disclosure vulnerability. - Exploit Title: DataEase Database Creds Extractor - Shodan Dork: http.html:"dataease" - FOFA Dork: body="dataease" && title=="DataEase" - Exploit Author: ByteHunter - Email: [email protected] ...
DataEase 2.4.0 - Database Configuration Information Exposure
Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure Shodan Dork: http.html:"dataease" FOFA Dork: body="dataease" && title=="DataEase" Exploit Author: ByteHunter Email: [email protected] vulnerable Versions: 2.4.0-2.5.0 Tested on: 2.4.0 CVE : CVE-2024-30269 import...