CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

461 matches found

NVD•added 2026/04/26 10:17 p.m.•8 views

CVE-2026-7045

A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessordoDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the...

6.5CVSS0.00237EPSS

Exploits0References7

vulnersOsv•added 2026/04/26 3:10 p.m.•6 views

cc.allio.uno:uno-data-db (>=1.1.9 <=1.2.1), cc.allio.uno:uno-test (>=1.1.9 <=1.2.1) +193 more potentially affected by CVE-2026-7045 via com.baomidou:dynamic-datasource-spring-boot-common (>=4.0.0-B1 <=4.5.0)

com.baomidou:dynamic-datasource-spring-boot-common MAVEN version =4.0.0-B1, =1.1.9, =1.1.9, =2024.1.1.0, =2023.5.1.0, =2022.5.0.0, =2022.4.1.0, =1.0.0-JDK21, =1.0.0-JDK21, =4.0.0, =4.0.0, =4.5.0 - com.baomidou:dynamic-datasource-spring-boot4-starter =4.5.0 and more Source cves: CVE-2026-7045 Sour...

6.5CVSS6.5AI score0.00237EPSS

Exploits0

EUVD•added 2026/04/26 1:45 p.m.•2 views

EUVD-2026-25722

6.5CVSS5.1AI score0.00237EPSS

Exploits0References7

Vulnrichment•added 2026/04/26 1:45 p.m.•4 views

CVE-2026-7045 baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection

6.5CVSS6.1AI score0.00237EPSS

Exploits0References7

CVE•added 2026/04/26 1:45 p.m.•15 views

CVE-2026-7045

CVE-2026-7045 affects baomidou dynamic-datasource 2.5.0. The vulnerability targets DsSpelExpressionProcessor#doDetermineDatasource in dynamic-datasource-spring (StandardEvaluationContext/SpelExpressionParser). The issue arises from manipulated SpEL evaluation, enabling injection. Reported as expl...

6.5CVSS6.1AI score0.00237EPSS

Exploits0References7

Cvelist•added 2026/04/26 1:45 p.m.•31 views

CVE-2026-7045 baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection

6.5CVSS0.00237EPSS

Exploits0References7

ATTACKERKB•added 2026/04/26 1:45 p.m.•2 views

CVE-2026-7045

6.5CVSS5.1AI score0.00237EPSS

Exploits0References8Affected Software1

Positive Technologies•added 2026/04/26 12:0 a.m.•4 views

PT-2026-35227

6.5CVSS5.1AI score0.00237EPSS

Exploits0References7

CNNVD•added 2026/04/26 12:0 a.m.•13 views

dynamic-datasource-spring-boot-starter 注入漏洞

dynamic-datasource-spring-boot-starter is a fast integration multi-data-source starter developed by baomidou under the Open Source project. Version 2.5.0 of dynamic-datasource-spring-boot-starter contains an injection vulnerability. This vulnerability stems from improper handling of the...

6.5CVSS6.6AI score0.00237EPSS

Exploits0References1

Cvelist•added 2026/04/16 8:53 p.m.•13 views

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS0.00342EPSS

Exploits1References2

NVD•added 2026/04/16 8:16 p.m.•4 views

CVE-2026-33122

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

9.8CVSS0.00405EPSS

Exploits1References2

CVE•added 2026/04/16 7:48 p.m.•14 views

CVE-2026-40899

DataEase

8.3CVSS5.9AI score0.00388EPSS

Exploits1References2Affected Software1

EUVD•added 2026/04/16 7:37 p.m.•1 views

EUVD-2026-23291

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6CVSS6.1AI score0.00349EPSS

Exploits1References2

Cvelist•added 2026/04/16 7:37 p.m.•23 views

CVE-2026-33207 DataEase SQL Injection Vulnerability

8.6CVSS0.00349EPSS

Exploits1References2

Vulnrichment•added 2026/04/16 7:24 p.m.•4 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

8.6CVSS5.8AI score0.00405EPSS

Exploits1References2

CVE•added 2026/04/16 7:24 p.m.•13 views

CVE-2026-33122

CVE-2026-33122 concerns DataEase, an open‑source data visualization/analytics platform. Versions 2.10.20 and below are affected by a SQL injection in the API datasource update flow: during a datasource update, the deTableName field is passed to DatasourceSyncManage.createEngineTable and concatena...

9.8CVSS6AI score0.00405EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/16 7:24 p.m.•2 views

CVE-2026-33122

8.6CVSS6AI score0.00405EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/16 7:24 p.m.•22 views

CVE-2026-33122 DataEase has SQL Injection via Datasource Management

8.6CVSS0.00405EPSS

Exploits1References2

EUVD•added 2026/04/16 7:24 p.m.•3 views

EUVD-2026-23290

8.6CVSS6AI score0.00405EPSS

Exploits1References2

NVD•added 2026/04/16 7:16 p.m.•5 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.8CVSS0.00328EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by