321 matches found
CVE-2026-55647
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...
PT-2026-56248
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...
PT-2026-56244
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...
PT-2026-56251
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...
@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/ava (>=3.0.0 <=3.6.0-alpha.0) +18 more potentially affected by unknown CVE via @antv/color-schema (=0.2.3)
@antv/color-schema NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-schema and may be impacted: - @antv/auto-chart =2.0.0, =3.0.0, =3.0.0, =2.0.0, =5.1.5, =0.1.0, =2.0.4, =0.1.7, =1.0.0, =3.4.1-formant, =3.3.2-formant,...
[SECURITY] Fedora 44 Update: qt6-qtdatavis3d-6.10.3-1.fc44
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44
LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...
EUVD-2026-23291
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
EUVD-2026-23284
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...
CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
Apache Superset Security Bypass Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...
Data Visualization MCP Server 代码注入漏洞
The Data Visualization MCP Server is a context-based protocol server developed by Isaac Wasserman, designed for data visualization purposes. The Data Visualization MCP Server has a code injection vulnerability, which stems from incorrect handling of the vegalitespecification parameter, potentiall...
CVE-2021-41192
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
[SECURITY] Fedora 43 Update: duc-1.4.6-1.fc43
Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...
[SECURITY] Fedora 42 Update: qt5-qtdatavis3d-5.15.18-1.fc42
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
CVE-2025-64163
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...
[SECURITY] Fedora 42 Update: qt6-qtdatavis3d-6.9.3-1.fc42
Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...
[SECURITY] Fedora 42 Update: LabPlot-2.12.1-11.fc42
LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...
CVE-2025-62422
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
DataEase H2 JDBC Injection Code Execution Vulnerability
DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase H2.java handles JDBC connection validation with a code injection...