216307 matches found
CVE-2026-33084
DataEase (open-source) has a SQL injection in versions ≤ 2.10.20 via the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service passes the user-supplied sort value to the sorting metadata DTO, which is then incorporated into the SQL ORDER BY clause in Order...
EUVD-2026-23284
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...
USN-8181-1 libowasp-esapi-java vulnerabilities
Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,...
USN-8181-1: ESAPI vulnerabilities
Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,...
EUVD-2026-23282
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...
CVE-2026-33083 DataEase has SQL Injection in Order By Clause
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...
CVE-2026-33083 DataEase has SQL Injection in Order By Clause
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...
CVE-2026-33083
DataEase has a SQL injection in the orderDirection parameter for dataset endpoints (e.g., /de2api/datasetData/enumValueDs, /de2api/datasetTree/exportDataset) affecting versions 2.10.20 and earlier. The Order2SQLObj directly assigns raw user-supplied orderDirection into the SQL query and renders i...
CVE-2026-33082
DataEase (open source data visualization tool) has a SQL injection vulnerability in the dataset export feature for versions 2.10.20 and earlier. The issue arises in the POST /de2api/datasetTree/exportDataset flow where expressionTree is deserialized into a filtering object and fed to WhereTree2St...
CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
ofensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
EUVD-2026-23266
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewemployee.php...
EUVD-2026-23254
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/editmusic.php...
EUVD-2026-23239
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...
CVE-2026-37344
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managelocation.php...
CVE-2026-37343
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...
CVE-2026-37341
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managecategory.php...
CVE-2026-37342
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...
CVE-2026-37346
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewaccount.php?empid=...
CVE-2026-37347
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewemployee.php...