
702 matches found

Positive Technologies
added 2023/06/01 12:0 a.m. · 3 views

PT-2023-24604 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.7
Description: A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The issue has been fixed in version 1.18.7. There are no known workarounds asi...

CVSS 9.8 · AI score 9.7 · EPSS 0.01344
Exploits: 1 · References: 5

CNNVD
added 2023/06/01 12:0 a.m. · 2 views

DataEase Security Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in versions prior to DataEase v1.18.7 that stems from the vulnerability ...

CVSS 8.1 · AI score 7.6 · EPSS 0.01014
Exploits: 1 · References: 5

CNNVD
added 2023/06/01 12:0 a.m. · 3 views

DataEase Code Issue Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.7. An attacker exploiting the...

CVSS 9.8 · AI score 8.8 · EPSS 0.01344
Exploits: 1 · References: 3

Positive Technologies
added 2023/06/01 12:0 a.m. · 3 views

PT-2023-23720 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.7
Description: The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user's dashboard o...

CVSS 8.1 · AI score 7.7 · EPSS 0.01014
Exploits: 1 · References: 11

NVD
added 2023/03/28 9:15 p.m. · 47 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8.8 · AI score 8.3 · EPSS 0.0132
Exploits: 1 · References: 1

Prion
added 2023/03/28 9:15 p.m. · 18 views

Remote code execution

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 6.5 · AI score 8.8 · EPSS 0.0132
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/03/28 8:2 p.m. · 41 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8 · AI score 9.1 · EPSS 0.0132
Exploits: 1 · References: 1

CVE
added 2023/03/28 8:2 p.m. · 61 views

CVE-2023-28637

CVE-2023-28637 affects DataEase when using the AWS Redshift data source; lack of data sanitization can enable remote code execution. The issue is tied to how input is sanitized by the Redshift source, and multiple sources reiterate this vulnerability. A fix is available in DataEase ≥ 1.18.5; u...

CVSS 8.8 · AI score 8.6 · EPSS 0.0132
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/03/28 8:2 p.m. · 7 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8 · AI score 9 · EPSS 0.0132
Exploits: 1 · References: 1

OSV
added 2023/03/28 8:2 p.m. · 27 views

CVE-2023-28637 DataEase AWS redshift data source exists for remote code execution vulnerability

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

CVSS 8 · AI score 8.9 · EPSS 0.0132
Exploits: 1 · References: 3

CNNVD
added 2023/03/28 12:0 a.m. · 4 views

DataEase Injection Vulnerability

DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. An injection vulnerability exists in DataEase version 1.18.4 and earlier versions. An attacker...

CVSS 8.8 · AI score 8.1 · EPSS 0.0132
Exploits: 1 · References: 2

Positive Technologies
added 2023/03/28 12:0 a.m. · 6 views

PT-2023-21865 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.5
Description: DataEase is an open source data visualization analysis tool where users can modify data, and data sources are expected to sanitize data properly. However, the AWS redshift data source does not...

CVSS 8.8 · AI score 8.8 · EPSS 0.0132
Exploits: 1 · References: 4

NVD
added 2023/03/25 12:15 a.m. · 16 views

CVE-2023-28437

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...

CVSS 9.8 · AI score 10 · EPSS 0.00882
Exploits: 1 · References: 3

Prion
added 2023/03/25 12:15 a.m. · 21 views

SQL injection

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...

CVSS 7.5 · AI score 9.8 · EPSS 0.00882
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2023/03/25 12:0 a.m. · 3 views

DataEase SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A SQL injection vulnerability exists in Dataease 1.18.4 and earlier versions, which stems from the keywo...

CVSS 9.8 · AI score 8.6 · EPSS 0.00882
Exploits: 1 · References: 4

Vulnrichment
added 2023/03/24 11:43 p.m. · 7 views

CVE-2023-28437 SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...

CVSS 9.8 · AI score 7.9 · EPSS 0.00882
Exploits: 1 · References: 3

OSV
added 2023/03/24 11:43 p.m. · 25 views

CVE-2023-28437 SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...

CVSS 9.8 · AI score 9.6 · EPSS 0.00882
Exploits: 1 · References: 5

CVE
added 2023/03/24 11:43 p.m. · 63 views

CVE-2023-28437

Dataease SQL injection vulnerability (CVE-2023-28437) is caused by missing entries in the keyword blacklist protecting against SQLi. Affects Dataease prior to version 1.18.5; fix released in 1.18.5. CVSS v3.1 base score 9.8 (CRITICAL) with NETWORK attack, LOW complexity, no privileges, no user ...

CVSS 9.8 · AI score 10 · EPSS 0.00882
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/03/24 11:43 p.m. · 30 views

CVE-2023-28437 SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed

Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds...

CVSS 9.8 · AI score 10 · EPSS 0.00882
Exploits: 1 · References: 3

NVD
added 2023/03/24 9:15 p.m. · 16 views

CVE-2023-28435

Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...

CVSS 6.5 · AI score 6.7 · EPSS 0.00465
Exploits: 1 · References: 2