CVE-2026-50530
- EPSS 0.24%
- Veröffentlicht 07.07.2026 20:41:07
- Zuletzt bearbeitet 08.07.2026 15:07:37
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the reque...
CVE-2026-50529
- EPSS 0.29%
- Veröffentlicht 07.07.2026 20:39:23
- Zuletzt bearbeitet 08.07.2026 15:07:37
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers wh...
CVE-2026-55647
- EPSS 0.27%
- Veröffentlicht 07.07.2026 20:37:54
- Zuletzt bearbeitet 08.07.2026 15:07:37
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard ...
CVE-2026-55635
- EPSS 0.27%
- Veröffentlicht 07.07.2026 20:35:43
- Zuletzt bearbeitet 09.07.2026 16:16:45
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL literal valida...
CVE-2026-57172
- EPSS 0.29%
- Veröffentlicht 07.07.2026 20:33:26
- Zuletzt bearbeitet 08.07.2026 15:07:37
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known ...
CVE-2026-53751
- EPSS 0.38%
- Veröffentlicht 07.07.2026 20:31:12
- Zuletzt bearbeitet 08.07.2026 15:07:37
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 par...
CVE-2026-53730
- EPSS 0.24%
- Veröffentlicht 07.07.2026 20:29:19
- Zuletzt bearbeitet 09.07.2026 16:16:43
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1,...
CVE-2026-55633
- EPSS 0.5%
- Veröffentlicht 07.07.2026 20:27:28
- Zuletzt bearbeitet 08.07.2026 15:16:29
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFi...
CVE-2026-55631
- EPSS 0.31%
- Veröffentlicht 07.07.2026 20:24:56
- Zuletzt bearbeitet 08.07.2026 15:07:37
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend c...
CVE-2026-53729
- EPSS 0.39%
- Veröffentlicht 07.07.2026 20:23:08
- Zuletzt bearbeitet 08.07.2026 15:16:29
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/export...