Lucene search
+L

791 matches found

Nuclei
Nuclei
added yesterday103 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS5.2AI score0.16EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday36 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS5.3AI score0.43192EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday15 views

DataEase 2.10.4-2.10.7 - Remote Code Execution

DataEase prior to version 2.10.8 contains a remote code execution caused by insecure backend JDBC link handling, letting authenticated users execute arbitrary code, exploit requires user authentication. id: CVE-2025-32966 info: name: DataEase 2.10.4-2.10.7 - Remote Code Execution author: ChrisJr4...

9.8CVSS6.6AI score0.04309EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday37 views

DataEase < 2.10.10 - JWT Authentication Bypass

DataEase 2.10.10 contains a broken authentication caused by ineffective secret verification, letting users forge JWT tokens, exploit requires no special privileges. id: CVE-2025-49001 info: name: DataEase 2.10.10 - JWT Authentication Bypass author: YunSeoJo,aryu-ru severity: critical description:...

9.8CVSS5.2AI score0.21265EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday84 views

DataEase v2.10.2 - JWT Signature Verification Bypass

DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions, the lack of signature verification of JWT tokens allows attackers to forge JWTs, which then allow access to any interface. The...

9.3CVSS5.3AI score0.01223EPSS
Exploits1References1
NVD
NVD
added 3 days ago5 views

CVE-2026-50124

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where...

7.1CVSS0.00322EPSS
Exploits0References4
NVD
NVD
added 3 days ago5 views

CVE-2026-50030

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then...

7.1CVSS0.00269EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-49867

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...

6.3CVSS0.00269EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-45535

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...

8.7CVSS0.00248EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-45534

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...

9CVSS0.00396EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-45419

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageServicesave, StaticResourceServersaveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing...

8.5CVSS0.00313EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-45320

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as $deptId are processed by SqlparserUtils.transFilter, whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace"$var", valu...

8.7CVSS0.00269EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-45417

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-49867 DataEase: Authenticated Stored XSS in DataEase Template Static Resources

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...

6.3CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 3 days ago8 views

CVE-2026-49867

DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...

6.3CVSS6.1AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-46684 DataEase: Unauthorized Command Execution Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilterdoFilter pass X-DE-TOKEN values to TokenUtils.validate, which checks only token presence and length before userBOByTokentoken uses JWT.decode without signature...

9.5CVSS0.00193EPSS
Exploits0References3
CVE
CVE
added 3 days ago14 views

CVE-2026-46684

CVE-2026-46684 (DataEase) : Open-source data visualization tool DataEase prior to 2.10.23 is affected by an unauthorized command execution vulnerability. The issue stems from enterprise token handling where TokenFilter#doFilter() may pass X-DE-TOKEN values to TokenUtils.validate(), which only che...

9.5CVSS6.1AI score0.00193EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-45320 DataEase Data Dashboard SqlVariable transFilter Unfiltered SQL Injection

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as $deptId are processed by SqlparserUtils.transFilter, whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace"$var", valu...

8.7CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-45535 DataEase: Stored SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...

8.7CVSS0.00248EPSS
Exploits0References3
Rows per page
Query Builder