CVE-2026-45535 DataEase: Stored SQL Injection Vulnerability
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...