Lucene search
K

4 matches found

EUVD
EUVD
added 2026/04/16 6:16 p.m.6 views

EUVD-2026-23286

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/16 6:16 p.m.31 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 6:16 p.m.4 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
CVE
CVE
added 2026/04/16 6:16 p.m.15 views

CVE-2026-33121

DataEase (open-source data visualization/analytics) has a SQL injection in the API datasource Save flow affecting versions 2.10.20 and earlier. The deTableName field from the Base64-encoded datasource configuration is used to build a DDL statement via simple string replacement without sanitizatio...

8.8CVSS6AI score0.00328EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder