Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-53730

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS6.2AI score0.00235EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week10 views

CVE-2026-53730

CVE-2026-53730 — DataEase : Affected product is DataEase (open source data visualization/analysis tool). Before version 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation, allowing any authenticated user to specify datasourceId=-1, access the ...

8.7CVSS6.2AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56247

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The '/de2api/datasetData/previewSql' endpoint lacks the mandatory @DePermit permission validation annotation. This allows any authenticated user to set the datasourceId variable to -1, granting...

8.7CVSS6.3AI score0.00235EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.8CVSS5.9AI score0.00342EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/16 8:53 p.m.17 views

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS0.00342EPSS
Exploits1References2
Rows per page
Query Builder