CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/16 7:37 p.m.•23 views

CVE-2026-33207 DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6CVSS0.00349EPSS

Vulnrichment•added 2026/04/16 7:24 p.m.•4 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

8.6CVSS5.8AI score0.00405EPSS

CVE•added 2026/04/16 7:24 p.m.•13 views

CVE-2026-33122

CVE-2026-33122 concerns DataEase, an open‑source data visualization/analytics platform. Versions 2.10.20 and below are affected by a SQL injection in the API datasource update flow: during a datasource update, the deTableName field is passed to DatasourceSyncManage.createEngineTable and concatena...

9.8CVSS6AI score0.00405EPSS

Cvelist•added 2026/04/16 7:24 p.m.•22 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

8.6CVSS0.00405EPSS

EUVD•added 2026/04/16 7:24 p.m.•3 views

EUVD-2026-23290

8.6CVSS6AI score0.00405EPSS

NVD•added 2026/04/16 7:16 p.m.•5 views

CVE-2026-33084

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

8.8CVSS0.00328EPSS

NVD•added 2026/04/16 7:16 p.m.•5 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.8CVSS0.00328EPSS

NVD•added 2026/04/16 6:16 p.m.•4 views

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.8CVSS0.00328EPSS

NVD•added 2026/04/16 6:16 p.m.•4 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

9.8CVSS0.00325EPSS

CVE•added 2026/04/16 6:16 p.m.•9 views

CVE-2026-33121

DataEase (open-source data visualization/analytics) has a SQL injection in the API datasource Save flow affecting versions 2.10.20 and earlier. The deTableName field from the Base64-encoded datasource configuration is used to build a DDL statement via simple string replacement without sanitizatio...

8.8CVSS6AI score0.00328EPSS

EUVD•added 2026/04/16 6:16 p.m.•3 views

EUVD-2026-23286

Vulnrichment•added 2026/04/16 6:16 p.m.•3 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

ATTACKERKB•added 2026/04/16 6:16 p.m.•2 views

CVE-2026-33121

Exploits1References3Affected Software1

Cvelist•added 2026/04/16 6:16 p.m.•28 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

8.7CVSS0.00328EPSS

Cvelist•added 2026/04/16 6:14 p.m.•31 views

CVE-2026-33084 DataEase has SQL Injection through its getFieldEnumObj Endpoint

8.7CVSS0.00328EPSS

Vulnrichment•added 2026/04/16 6:14 p.m.•4 views

CVE-2026-33084 DataEase has SQL Injection through its getFieldEnumObj Endpoint

8.7CVSS5.9AI score0.00328EPSS

ATTACKERKB•added 2026/04/16 6:14 p.m.•3 views

CVE-2026-33084

Exploits1References3Affected Software1

CVE•added 2026/04/16 6:14 p.m.•8 views

CVE-2026-33084

DataEase (open-source) has a SQL injection in versions ≤ 2.10.20 via the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service passes the user-supplied sort value to the sorting metadata DTO, which is then incorporated into the SQL ORDER BY clause in Order...

8.8CVSS6AI score0.00328EPSS

EUVD•added 2026/04/16 5:52 p.m.•4 views

EUVD-2026-23282