CVE-2026-33084

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

CVE-2026-40900

DataEase prior to 2.10.21 contains an SQL injection in the /de2api/datasetData/previewSql endpoint. User-supplied SQL is wrapped in a subquery without validating that the input is a single SELECT. Coupled with a JDBC blocklist bypass enabling allowMultiQueries=true, an attacker can break out of t...

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

CVE-2026-33084

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

CVE-2026-2472

CVE-2026-2472 concerns Google Cloud Vertex AI SDK (google-cloud-aiplatform). The vulnerability resides in the _genai/_evals_visualization component and affects versions from 1.98.0 up to, but not including, 1.131.0. It enables a stored XSS where an unauthenticated remote attacker can inject scrip...

PT-2026-21290

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI SDK google-cloud-aiplatform versions 1.98.0 through 1.130.9 Description A Stored Cross-Site Scripting XSS issue exists in the genai/ evals visualization component of Google Cloud Vertex AI SDK. This allows an...

DataEase SQL Injection Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase /de2api/datasetData/tableField processing tableName parameter...

PT-2023-24194 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...