CVE-2026-8724

A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

DataEase 代码问题漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase 2.10.14 and prior versions that...

EUVD-2023-2466

Malicious code in bioql PyPI...

CVE-2023-33963 DataEase data source has deserialization vulnerability

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...

CVE-2021-38239

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sysmsg/list/1/10...

PT-2022-22013 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase version 1.11.1 Description: The issue is related to a SQL injection vulnerability. It occurs via the parameter dataSourceId. There is no information about the estimated number of potentially affected devices worldwide or real-world...