dataease — Vulnerabilities & Security Advisories 63

All 63 CVE vulnerabilities found in dataease, with AI-generated Chinese analysis, references, and POCs.

Vendor: dataease

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution | CWE-502 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40900 | DataEase has SQL Injection via Stacked Queries | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability | CWE-183 | 8.3 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33207 | DataEase SQL Injection Vulnerability | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-33122 | DataEase has SQL Injection via Datasource Management | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33121 | DataEase has SQL Injection via Datasource Save Flow | CWE-89 | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33084 | DataEase has SQL Injection through its getFieldEnumObj Endpoint | CWE-89 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33083 | DataEase has SQL Injection in Order By Clause | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33082 | DataEase: SQL Injection in v2 Dataset Export | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass | CWE-178 | 9.1 | - | 2026-03-20 |
| CVE-2026-32140 | Dataease: Redshift JDBC RCE Bypass | CWE-22 | 8.0 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-32137 | DataEase SQL Injection Vulnerability | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2026-23958 | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover | CWE-522 | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-64428 | DataEase DB2 JNDI Vulnerability | CWE-74 | 9.1 | - | 2025-11-20 |
| CVE-2025-64164 | DataEase is vulnerable to Oracle JNDI Injection | CWE-502 | 8.1 | - | 2025-11-06 |
| CVE-2025-64163 | DataEase's DB2 is vulnerable to SSRF | CWE-918 | 10.0 | - | 2025-11-05 |
| CVE-2025-62419 | DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-62420 | DataEase vulnerable to remote code execution via H2 JDBC driver bypass | CWE-502 | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62421 | DataEase vulnerable to stored cross-site scripting via file upload bypass | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62422 | DataEase SQL injection vulnerability | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-58748 | Dataease H2 data source JDBC URL validation bypass leads to remote code execution | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58046 | Dataease has a JDBC attack vulnerability in the Impala datasource | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58045 | Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter | CWE-918 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-57772 | Dataease H2 JDBC RCE Bypass | CWE-94 | 9.1 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-57773 | Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability | CWE-502 | 8.8 (AI) | High (AI) | 2025-08-25 |
| CVE-2025-53006 | Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | CWE-153 | 9.1 (AI) | Critical (AI) | 2025-07-02 |
| CVE-2025-53005 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability | CWE-153 | 8.8 (AI) | High (AI) | 2025-07-01 |
| CVE-2025-53004 | Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | CWE-153 | 8.8 (AI) | High (AI) | 2025-06-30 |
| CVE-2025-49003 | Dataease H2 JDBC Connection Remote Code Execution | CWE-153 | 9.8 (AI) | Critical (AI) | 2025-06-26 |

All 63 known CVE vulnerabilities affecting dataease with full Chinese analysis, references, and POCs where available.