CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.8CVSS5.7AI score0.00036EPSS

Exploits1References1

RedhatCVE•added 6 days ago•5 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

9.8CVSS5.8AI score0.00039EPSS

Exploits1References1

CVE•added 2026/05/17 12:30 a.m.•12 views

CVE-2026-8724

CVE-2026-8724 relates to Dataease 2.10.20, affecting the Data Dashboard component. The vulnerability lies in the function SqlparserUtils.transFilter in SqlparserUtils.java, enabling a SQL injection condition. Documents indicate the attack could be launched remotely and that exploits have been pub...

7.2CVSS5.6AI score0.00011EPSS

Exploits1References4Affected Software1

NVD•added 2026/04/16 9:16 p.m.•2 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.8CVSS0.00039EPSS

Exploits1References2

NVD•added 2026/04/16 8:16 p.m.•1 views

CVE-2026-33207

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.8CVSS0.00039EPSS

Exploits1References2

Vulnrichment•added 2026/04/16 7:24 p.m.•3 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

8.6CVSS5.8AI score0.00014EPSS

Exploits1References2

CVE•added 2026/04/16 7:24 p.m.•8 views

CVE-2026-33122

CVE-2026-33122 concerns DataEase, an open‑source data visualization/analytics platform. Versions 2.10.20 and below are affected by a SQL injection in the API datasource update flow: during a datasource update, the deTableName field is passed to DatasourceSyncManage.createEngineTable and concatena...

9.8CVSS6AI score0.00014EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/16 7:24 p.m.•20 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

8.6CVSS0.00014EPSS

Exploits1References2

NVD•added 2026/04/16 6:16 p.m.•1 views

CVE-2026-33082

9.8CVSS0.00039EPSS

Exploits1References2

Cvelist•added 2026/04/16 6:16 p.m.•26 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS0.00039EPSS

Exploits1References2

CVE•added 2026/04/16 6:14 p.m.•5 views

CVE-2026-33084

DataEase (open-source) has a SQL injection in versions ≤ 2.10.20 via the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service passes the user-supplied sort value to the sorting metadata DTO, which is then incorporated into the SQL ORDER BY clause in Order...

8.8CVSS6AI score0.00039EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/16 5:52 p.m.•1 views

CVE-2026-33083

8.7CVSS6AI score0.00036EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/16 5:52 p.m.•22 views

CVE-2026-33083 DataEase has SQL Injection in Order By Clause

8.7CVSS0.00036EPSS

Exploits1References2

EUVD•added 2026/04/16 5:39 p.m.•2 views

EUVD-2026-23280

8.7CVSS6AI score0.00039EPSS

Exploits1References2

CVE•added 2026/04/16 5:39 p.m.•9 views

CVE-2026-33082

DataEase (open source data visualization tool) has a SQL injection vulnerability in the dataset export feature for versions 2.10.20 and earlier. The issue arises in the POST /de2api/datasetTree/exportDataset flow where expressionTree is deserialized into a filtering object and fed to WhereTree2St...

9.8CVSS6AI score0.00039EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/04/16 12:0 a.m.•2 views

PT-2026-33354

8.7CVSS6AI score0.00039EPSS

Exploits1References4

CNNVD•added 2026/04/16 12:0 a.m.•5 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

8.8CVSS5.9AI score0.00039EPSS

Exploits1References2

RedhatCVE•added 2026/03/26 3:2 p.m.•3 views

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

8.1CVSS5.8AI score0.00082EPSS

Exploits1References1