Lucene search
K

5 matches found

NVD
NVD
added 2026/07/07 9:17 p.m.8 views

CVE-2026-53730

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 8:29 p.m.7 views

CVE-2026-53730 DataEase: Unauthorized Access to Engine Database via previewSql Endpoint

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS6.2AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 8:29 p.m.34 views

CVE-2026-53730 DataEase: Unauthorized Access to Engine Database via previewSql Endpoint

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 8:53 p.m.20 views

CVE-2026-40900

DataEase prior to 2.10.21 contains an SQL injection in the /de2api/datasetData/previewSql endpoint. User-supplied SQL is wrapped in a subquery without validating that the input is a single SELECT. Coupled with a JDBC blocklist bypass enabling allowMultiQueries=true, an attacker can break out of t...

8.8CVSS6.1AI score0.00342EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...

8.8CVSS6.1AI score0.00342EPSS
Exploits1References1
Rows per page
Query Builder