Lucene search
K

321 matches found

NVD
NVD
added last week9 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56248

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An issue exists in the H2 database JDBC URL validation logic where special Unicode characters can be used to bypass security checks. This occurs because the case-conversion behavior of these...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56244

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The /de2api/share/proxyInfo share interface generates and returns an X-DE-LINK-TOKEN before validating the share password or ticket. This allows unauthenticated attackers who possess a protected...

8.7CVSS6.1AI score0.00285EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56251

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated attacker can bypass previous fixes for the H2 zip protocol and file dropper. By uploading a zip archive disguised with a .ttf extension via the FontManage.saveFile function, the...

8.7CVSS6.2AI score0.00501EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/ava (>=3.0.0 <=3.6.0-alpha.0) +18 more potentially affected by unknown CVE via @antv/color-schema (=0.2.3)

@antv/color-schema NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-schema and may be impacted: - @antv/auto-chart =2.0.0, =3.0.0, =3.0.0, =2.0.0, =5.1.5, =0.1.0, =2.0.4, =0.1.7, =1.0.0, =3.4.1-formant, =3.3.2-formant,...

5.5AI score
Exploits0
Fedora
Fedora
added 2026/04/25 1:55 a.m.7 views

[SECURITY] Fedora 44 Update: qt6-qtdatavis3d-6.10.3-1.fc44

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/04/25 1:54 a.m.8 views

[SECURITY] Fedora 44 Update: LabPlot-2.12.1-17.fc44

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/04/16 7:37 p.m.5 views

EUVD-2026-23291

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6CVSS6.1AI score0.00349EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/16 6:14 p.m.4 views

EUVD-2026-23284

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
NVD
NVD
added 2026/03/12 6:16 p.m.5 views

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS0.00418EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/09 12:0 a.m.2 views

Apache Superset Security Bypass Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...

6.5CVSS5.9AI score0.00607EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.6 views

Data Visualization MCP Server 代码注入漏洞

The Data Visualization MCP Server is a context-based protocol server developed by Isaac Wasserman, designed for data visualization purposes. The Data Visualization MCP Server has a code injection vulnerability, which stems from incorrect handling of the vegalitespecification parameter, potentiall...

6.5CVSS6.7AI score0.00228EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.7 views

CVE-2021-41192

Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...

8.1CVSS6.8AI score0.08017EPSS
Exploits1References1
Fedora
Fedora
added 2025/12/28 1:9 a.m.8 views

[SECURITY] Fedora 43 Update: duc-1.4.6-1.fc43

Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...

7.5CVSS6.9AI score0.00851EPSS
Exploits1
Fedora
Fedora
added 2025/11/06 2:24 a.m.9 views

[SECURITY] Fedora 42 Update: qt5-qtdatavis3d-5.15.18-1.fc42

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

7AI score
Exploits0
NVD
NVD
added 2025/11/06 12:15 a.m.5 views

CVE-2025-64163

DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15...

9.8CVSS0.01054EPSS
Exploits1References3
Fedora
Fedora
added 2025/10/30 4:36 a.m.8 views

[SECURITY] Fedora 42 Update: qt6-qtdatavis3d-6.9.3-1.fc42

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

9.4CVSS7AI score0.00204EPSS
Exploits0
Fedora
Fedora
added 2025/10/30 4:36 a.m.6 views

[SECURITY] Fedora 42 Update: LabPlot-2.12.1-11.fc42

LabPlot is a FREE, open source and cross-platform Data Visualization and Analysis software accessible to everyone. - High-quality Data Visualization and Plotting with just a few clicks - Reliable and easy Data Analysis and Statistics, no coding required! - Intuitive and fast Computing with...

9.4CVSS7AI score0.00204EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/20 5:26 p.m.6 views

CVE-2025-62422

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...

8.8CVSS7.9AI score0.00474EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/20 12:0 a.m.4 views

DataEase H2 JDBC Injection Code Execution Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase H2.java handles JDBC connection validation with a code injection...

8.8CVSS8.1AI score0.00936EPSS
Exploits1References1
Rows per page
Query Builder