| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution | dataease | dataease | - | - | 2026-04-16 20:57:46 | Deep Dive |
| CVE-2026-40900 | DataEase has SQL Injection via Stacked Queries | dataease | dataease | - | - | 2026-04-16 20:53:28 | Deep Dive |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability | dataease | dataease | - | - | 2026-04-16 19:48:44 | Deep Dive |
| CVE-2026-33207 | DataEase SQL Injection Vulnerability | dataease | dataease | - | - | 2026-04-16 19:37:36 | Deep Dive |
| CVE-2026-33122 | DataEase has SQL Injection via Datasource Management | dataease | dataease | - | - | 2026-04-16 19:24:03 | Deep Dive |
| CVE-2026-33121 | DataEase has SQL Injection via Datasource Save Flow | dataease | dataease | - | - | 2026-04-16 18:16:02 | Deep Dive |
| CVE-2026-33084 | DataEase has SQL Injection through its getFieldEnumObj Endpoint | dataease | dataease | - | - | 2026-04-16 18:14:07 | Deep Dive |
| CVE-2026-33083 | DataEase has SQL Injection in Order By Clause | dataease | dataease | - | - | 2026-04-16 17:52:37 | Deep Dive |
| CVE-2026-33082 | DataEase: SQL Injection in v2 Dataset Export | dataease | dataease | - | - | 2026-04-16 17:39:38 | Deep Dive |
| CVE-2026-5417 | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery | Dataease | SQLbot | Medium | 4.7 | 2026-04-02 18:15:12 | Deep Dive |
| CVE-2026-32950 | SQLBot: RCE via SQL Injection in Excel Upload Endpoint | dataease | SQLBot | Medium | - | 2026-03-20 04:14:46 | Deep Dive |
| CVE-2026-32949 | SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL | dataease | SQLBot | Medium | - | 2026-03-20 04:08:43 | Deep Dive |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass | dataease | dataease | Medium | - | 2026-03-20 03:27:47 | Deep Dive |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning | dataease | SQLBot | Medium | - | 2026-03-19 20:55:52 | Deep Dive |
| CVE-2026-32140 | Dataease: Redshift JDBC RCE Bypass | dataease | dataease | - | - | 2026-03-12 18:04:50 | Deep Dive |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS | dataease | dataease | - | - | 2026-03-12 17:57:32 | Deep Dive |
| CVE-2026-32137 | DataEase SQL Injection Vulnerability | dataease | dataease | - | - | 2026-03-12 17:53:00 | Deep Dive |
| CVE-2025-15598 | Dataease SQLBot JWT Token auth.py validateEmbedded signature verification | Dataease | SQLBot | Low | 3.7 | 2026-03-03 09:32:07 | Deep Dive |
| CVE-2025-15597 | Dataease SQLBot API Endpoint assistant.py access control | Dataease | SQLBot | Medium | 6.3 | 2026-03-02 06:16:35 | Deep Dive |
| CVE-2026-23958 | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover | dataease | dataease | - | - | 2026-01-22 01:42:12 | Deep Dive |