CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

702 matches found

Positive Technologies•added 2023/07/25 12:0 a.m.•8 views

PT-2023-25861 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.9 Description: DataEase is an open source data visualization analysis tool. It has a SQL injection vulnerability that can bypass blacklists. Recommendations: For versions prior to 1.18.9, update to version 1.18...

9.8CVSS9.7AI score0.00871EPSS

Exploits1References7

CNNVD•added 2023/07/25 12:0 a.m.•16 views

DataEase SQL注入漏洞

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A SQL injection vulnerability exists in DataEase versions prior to 1.18.9, which stems from the presence...

9.8CVSS8.6AI score0.00871EPSS

Exploits1References4

CNNVD•added 2023/07/25 12:0 a.m.•3 views

DataEase 跨站脚本漏洞

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A cross-site scripting vulnerability exists in DataEase versions prior to 1.18.9 that stems from...

5.4CVSS5.3AI score0.00374EPSS

Exploits1References3

Positive Technologies•added 2023/07/25 12:0 a.m.•3 views

PT-2023-25860 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.9 Description: DataEase is an open source data visualization analysis tool. The DataEase panel and dataset have a stored cross-site scripting vulnerability. The issue has been fixed in version 1.18.9. There are...

5.4CVSS5.2AI score0.00374EPSS

Exploits1References6

NVD•added 2023/06/26 10:15 p.m.•25 views

CVE-2023-35164

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version...

6.5CVSS6.3AI score0.00375EPSS

Exploits1References1

Prion•added 2023/06/26 10:15 p.m.•17 views

Authorization

4CVSS6.5AI score0.00375EPSS

Exploits1References1Affected Software1

CVE•added 2023/06/26 9:17 p.m.•38 views

CVE-2023-35164

CVE-2023-35164 (DataEase) involves a missing authorization check in DataEase prior to version 1.18.8, allowing unauthorized users to manipulate dashboards created by an administrator. The issue affects versions before 1.18.8; the vulnerability is fixed in 1.18.8. In-scope impact is partial on int...

6.5CVSS6.3AI score0.00375EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/06/26 9:17 p.m.•33 views

CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase

6.3CVSS6.7AI score0.00375EPSS

Exploits1References1

Vulnrichment•added 2023/06/26 9:17 p.m.•20 views

CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase

6.3CVSS6.8AI score0.00375EPSS

Exploits1References1

OSV•added 2023/06/26 9:17 p.m.•24 views

CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase

6.3CVSS6.5AI score0.00375EPSS

Exploits1References3

NVD•added 2023/06/26 9:15 p.m.•16 views

CVE-2023-35168

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase has a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords,...

6.5CVSS6.6AI score0.00592EPSS

Exploits1References1

NVD•added 2023/06/26 9:15 p.m.•17 views

CVE-2023-34463

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known...

8.1CVSS8.2AI score0.00618EPSS

Exploits1References1

Prion•added 2023/06/26 9:15 p.m.•24 views

Privilege escalation

4CVSS6.6AI score0.00592EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/06/26 8:29 p.m.•25 views

CVE-2023-34463 Unauthorized users can delete applications in DataEase

8.1CVSS8.4AI score0.00618EPSS

Exploits1References1

Vulnrichment•added 2023/06/26 8:29 p.m.•14 views

CVE-2023-34463 Unauthorized users can delete applications in DataEase

8.1CVSS6.9AI score0.00618EPSS

Exploits1References1

CVE•added 2023/06/26 8:29 p.m.•44 views

CVE-2023-34463

DataEase contains a vulnerability (CVE-2023-34463) where unauthorized users can delete an application. Affected product: DataEase, with fixes implemented in version 1.18.8. Public references in multiple sources confirm the issue and upgrade as the advised remediation. Impact details describe unau...

8.1CVSS8.2AI score0.00618EPSS

Exploits1References1Affected Software1

OSV•added 2023/06/26 8:29 p.m.•28 views

CVE-2023-34463 Unauthorized users can delete applications in DataEase

8.1CVSS7.9AI score0.00618EPSS

Exploits1References3

Vulnrichment•added 2023/06/26 8:11 p.m.•11 views

CVE-2023-35168 DataEase has a privilege bypass vulnerability

6.5CVSS6.8AI score0.00592EPSS

Exploits1References1

Cvelist•added 2023/06/26 8:11 p.m.•21 views

CVE-2023-35168 DataEase has a privilege bypass vulnerability

6.5CVSS6.8AI score0.00592EPSS

Exploits1References1

CVE•added 2023/06/26 8:11 p.m.•48 views

CVE-2023-35168

DataEase (open source data visualization tool) has a privilege bypass vulnerability in affected versions prior to 1.18.8, allowing ordinary users to access the user database and exfiltrate fields such as password MD5 hashes, usernames, emails, and phone numbers. The fixed version is 1.18.8; upgra...

6.5CVSS6.6AI score0.00592EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by