Lucene search
+L

118 matches found

Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-45417 DataEase: SQL injection vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 9:17 p.m.10 views

CVE-2026-55631

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS0.00313EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:31 p.m.7 views

CVE-2026-53751

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/05/06 4:27 a.m.125 views

Exploit for CVE-2026-33324

CVE-2026-33324 Overview SQLBot, a sophisticated Text-to-S...

9.4CVSS6.1AI score0.00603EPSS
Exploits2
OSV
OSV
added 2026/04/16 7:37 p.m.2 views

CVE-2026-33207 DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6CVSS6.2AI score0.00349EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.10 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

9.8CVSS5.9AI score0.00405EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.10 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...

9CVSS6.2AI score0.0063EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 6:4 p.m.19 views

CVE-2026-32140

Dataease (open source data visualization tool) Before version 2.10.20 is vulnerable via the Redshift JDBC driver where the IniFile parameter can be exploited to load an attacker-controlled configuration file. The getJdbcIniFile discovery mechanism can, if not restricted, locate rsjdbc.ini and, in...

9.3CVSS6.2AI score0.00691EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/12 5:57 p.m.31 views

CVE-2026-32139 Dataease: Unfiltered active SVG content leads to Stored XSS

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS0.002EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

DataEase SQL注入漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a SQL injection...

9.3CVSS5.9AI score0.00418EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

DataEase 代码问题漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase 2.10.14 and prior versions that...

9.8CVSS7.1AI score0.0057EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

DataEase 代码问题漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase version 2.10.14 and versions prio...

9.8CVSS6.8AI score0.01054EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/20 4:29 p.m.31 views

CVE-2025-62420

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.8CVSS8AI score0.00936EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-16761

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00439EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6235

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01087EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42262

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00569EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-19595

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00522EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-39173

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00714EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-29701

Malicious code in bioql PyPI...

7.2CVSS5.8AI score0.00523EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-38093

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01344EPSS
Exploits1References2
Rows per page
Query Builder