5 matches found
PT-2026-50696
Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-rc.9 with Admin2 version 2.0.0-rc.14 Description A stored cross-site scripting XSS issue exists in the Admin2 Pages API save flow due to a missing XSS safety check during partial validation. Stored XSS occurs when an...
CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...
CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...
CVE-2026-33121
DataEase (open-source data visualization/analytics) has a SQL injection in the API datasource Save flow affecting versions 2.10.20 and earlier. The deTableName field from the Base64-encoded datasource configuration is used to build a DDL statement via simple string replacement without sanitizatio...
vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability
VSCode developers report: Visual Studio Code for Linux Remote Code Execution Vulnerability A remote code execution vulnerability exists in VS Code 1.94.0 and earlier versions in the elevated save flow...