3 matches found
CVE-2026-53730
CVE-2026-53730 — DataEase : Affected product is DataEase (open source data visualization/analysis tool). Before version 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation, allowing any authenticated user to specify datasourceId=-1, access the ...
CVE-2026-40900
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...
CVE-2026-40900 DataEase has SQL Injection via Stacked Queries
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...