dataease — Vulnerabilities & Security Advisories 63

All 63 CVE vulnerabilities found in dataease, with AI-generated Chinese analysis, references, and POCs.

Vendor: dataease

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-49002 | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability | CWE-290 | 8.2 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-49001 | Dataease Authentication Bypass Vulnerability | CWE-287 | 5.3 (AI) | Medium (AI) | 2025-06-03 |
| CVE-2025-48999 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | CWE-923 | 7.5 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-48998 | Dataease MYSQL JDBC File Reading Vulnerability | CWE-89 | 8.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-46566 | Dataease redshift JDBC Connection Remote Code Execution | CWE-923 | 8.8 (AI) | High (AI) | 2025-05-01 |
| CVE-2025-32966 | Dataease H2 JDBC Connection Remote Code Execution | CWE-290 | 8.8 | - | 2025-04-23 |
| CVE-2025-27138 | DataEase has an improper authentication vulnerability | CWE-287 | 9.1 | - | 2025-03-13 |
| CVE-2025-27103 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | CWE-89 | 8.8 | - | 2025-03-13 |
| CVE-2025-24974 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | CWE-862 | 8.8 | - | 2025-03-13 |
| CVE-2024-56511 | DataEase has an unauthorized vulnerability | CWE-289 | 9.1 | - | 2025-01-10 |
| CVE-2024-55952 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | CWE-20 | 8.8 | - | 2024-12-18 |
| CVE-2024-55953 | Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability | CWE-89 | 8.8 | - | 2024-12-18 |
| CVE-2024-52295 | DataEase has a forged JWT token vulnerability | CWE-798 | 9.8 (AI) | Critical (AI) | 2024-11-13 |
| CVE-2024-47073 | Dataease arbitrary interface access vulnerability | CWE-347 | 9.1 (AI) | Critical (AI) | 2024-11-07 |
| CVE-2024-47074 | Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability | CWE-502 | 9.8 (AI) | Critical (AI) | 2024-10-11 |
| CVE-2024-46997 | DataEase's H2 datasource has a remote command execution risk | CWE-74 | 9.8 | Critical | 2024-09-23 |
| CVE-2024-46985 | DataEase has an XXE vulnerability | CWE-611 | 7.5 | High | 2024-09-23 |
| CVE-2024-31441 | Arbitrary File Reading in DataEase | CWE-863 | 7.5 | High | 2024-05-10 |
| CVE-2024-30269 | DataEase has database configuration information exposure vulnerability | CWE-200 | 5.3 | Medium | 2024-04-08 |
| CVE-2024-23328 | The Dataease datasource exists deserialization and arbitrary file read vulnerability | CWE-502 | 9.1 | Critical | 2024-02-01 |
| CVE-2023-40183 | DataEase has a vulnerability to obtain user cookies | CWE-434 | 7.5 | High | 2023-09-21 |
| CVE-2023-37258 | DataEase has a SQL injection vulnerability that can bypass blacklists | CWE-89 | 8.8 | High | 2023-07-25 |
| CVE-2023-37257 | The DataEase panel and dataset have a stored XSS vulnerability | CWE-79 | 5.4 | Medium | 2023-07-25 |
| CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase | CWE-862 | 6.3 | Medium | 2023-06-26 |
| CVE-2023-34463 | Unauthorized users can delete applications in DataEase | CWE-862 | 8.1 | High | 2023-06-26 |
| CVE-2023-35168 | DataEase has a privilege bypass vulnerability | CWE-732 | 6.5 | Medium | 2023-06-26 |
| CVE-2023-33963 | DataEase data source has deserialization vulnerability | CWE-502 | 9.8 | Critical | 2023-06-01 |
| CVE-2023-32310 | DataEase API interface has IDOR vulnerability | CWE-639 | 8.1 | High | 2023-06-01 |
| CVE-2023-28637 | DataEase AWS redshift data source exists for remote code execution vulnerability | CWE-74 | 8.0 | High | 2023-03-28 |
| CVE-2023-28437 | SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed | CWE-89 | 9.8 | Critical | 2023-03-24 |