10 matches found
CVE-2025-64164
Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection Java Naming and Directory Interface injection. This issue is fixed in version 2.10.15...
CVE-2025-62422
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
CVE-2025-62419
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...
CVE-2025-62421 DataEase vulnerable to stored cross-site scripting via file upload bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
CVE-2025-62421 DataEase vulnerable to stored cross-site scripting via file upload bypass
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
EUVD-2025-34914
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
CVE-2025-62422 DataEase SQL injection vulnerability
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
CVE-2025-62422 DataEase SQL injection vulnerability
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...
PT-2024-28570 · Elementor · Powerpack Pro For Elementor
Name of the Vulnerable Software and Affected Versions: PowerPack Pro for Elementor versions 2.10.14 and earlier Description: The issue is related to Improper Privilege Management, which allows Privilege Escalation. Recommendations: For PowerPack Pro for Elementor versions 2.10.14 and earlier,...
phpList Improper Access Control and Information Leakage vulnerabilities
======================================================================== Title: phpList Improper Access Control and Information Leakage vulnerabilities Product: phpList http://www.phplist.com/ Author: Davide Canali E-mail: davide at davidecanali dot com Date: 2011-08-10...