Lucene search
K

702 matches found

Cvelist
Cvelist
added 2026/03/12 5:57 p.m.28 views

CVE-2026-32139 Dataease: Unfiltered active SVG content leads to Stored XSS

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS0.002EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:57 p.m.10 views

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS5.9AI score0.002EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/12 5:57 p.m.13 views

CVE-2026-32139 Dataease: Unfiltered active SVG content leads to Stored XSS

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS6AI score0.002EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/12 5:53 p.m.27 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS0.00418EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 5:53 p.m.21 views

CVE-2026-32137

CVE-2026-32137: Dataease prior to 2.10.20 is vulnerable to SQL injection in the /de2api/datasource/previewData endpoint via a directly concatenated tableName parameter. The table name is user-controllable and is not filtered or parameterized, enabling injection into the SQL statement. The issue a...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/12 5:53 p.m.5 views

EUVD-2026-11647

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 5:53 p.m.5 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:53 p.m.4 views

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 5:53 p.m.2 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

DataEase SQL注入漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a SQL injection...

9.3CVSS5.9AI score0.00418EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.9 views

PT-2026-25035

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

5.3CVSS5.9AI score0.002EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

DataEase 跨站脚本漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.19 and earlier contained a cross-site scripting...

5.4CVSS5.7AI score0.002EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.5 views

DataEase 路径遍历漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a path traversal...

9.3CVSS6.1AI score0.00691EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-25034

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-25036

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.2AI score0.00691EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/04 1:44 p.m.7 views

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS5.3AI score0.00184EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 10:16 a.m.8 views

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

5.9CVSS5.2AI score
Exploits0References4
NVD
NVD
added 2026/03/03 10:16 a.m.8 views

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS0.00184EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/03 9:32 a.m.6 views

CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS5.3AI score0.00184EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/03 9:32 a.m.25 views

CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

6.3CVSS0.00184EPSS
Exploits1References4
Rows per page
Query Builder