Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.7 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

9.8CVSS5.8AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.8CVSS5.9AI score0.00342EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/16 8:53 p.m.15 views

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS0.00342EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 8:53 p.m.3 views

CVE-2026-40900 DataEase has SQL Injection via Stacked Queries

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS6AI score0.00342EPSS
Exploits1References2
NVD
NVD
added 2026/04/16 8:16 p.m.6 views

CVE-2026-33207

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.8CVSS0.00349EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 7:48 p.m.4 views

CVE-2026-40899

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

8.3CVSS5.9AI score0.00388EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/16 7:37 p.m.25 views

CVE-2026-33207 DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6CVSS0.00349EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/16 7:24 p.m.5 views

EUVD-2026-23290

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

8.6CVSS6AI score0.00405EPSS
Exploits1References2
CVE
CVE
added 2026/04/16 7:24 p.m.18 views

CVE-2026-33122

CVE-2026-33122 concerns DataEase, an open‑source data visualization/analytics platform. Versions 2.10.20 and below are affected by a SQL injection in the API datasource update flow: during a datasource update, the deTableName field is passed to DatasourceSyncManage.createEngineTable and concatena...

9.8CVSS6AI score0.00405EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/16 7:16 p.m.7 views

CVE-2026-33084

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

8.8CVSS0.00328EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 6:16 p.m.4 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS6AI score0.00328EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/16 6:16 p.m.29 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS0.00328EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/16 6:16 p.m.6 views

EUVD-2026-23286

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 6:14 p.m.8 views

CVE-2026-33084 DataEase has SQL Injection through its getFieldEnumObj Endpoint

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

8.7CVSS5.9AI score0.00328EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/16 5:52 p.m.8 views

EUVD-2026-23282

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 5:52 p.m.10 views

CVE-2026-33083 DataEase has SQL Injection in Order By Clause

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 5:39 p.m.5 views

CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

8.7CVSS6AI score0.00325EPSS
Exploits1References2
CVE
CVE
added 2026/04/16 5:39 p.m.15 views

CVE-2026-33082

DataEase (open source data visualization tool) has a SQL injection vulnerability in the dataset export feature for versions 2.10.20 and earlier. The issue arises in the POST /de2api/datasetTree/exportDataset flow where expressionTree is deserialized into a filtering object and fed to WhereTree2St...

9.8CVSS6AI score0.00325EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/16 5:39 p.m.5 views

EUVD-2026-23280

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

8.7CVSS6AI score0.00325EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33353

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...

8.7CVSS6AI score0.00328EPSS
Exploits1References4
Rows per page
Query Builder