dataease — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting dataease. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products dataease: dataease, SQLBot
| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution | dataease | CWE-502 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40900 | DataEase has SQL Injection via Stacked Queries | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability | dataease | CWE-183 | 8.3 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33207 | DataEase SQL Injection Vulnerability | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-33122 | DataEase has SQL Injection via Datasource Management | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33121 | DataEase has SQL Injection via Datasource Save Flow | dataease | CWE-89 | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33084 | DataEase has SQL Injection through its getFieldEnumObj Endpoint | dataease | CWE-89 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33083 | DataEase has SQL Injection in Order By Clause | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33082 | DataEase: SQL Injection in v2 Dataset Export | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-5417 | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery | SQLbot | CWE-918 | 4.7 | Medium | 2026-04-02 |
| CVE-2026-32950 | SQLBot: RCE via SQL Injection in Excel Upload Endpoint | SQLBot | CWE-89 | 8.8 | - | 2026-03-20 |
| CVE-2026-32949 | SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL | SQLBot | CWE-918 | 7.5 | - | 2026-03-20 |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass | dataease | CWE-178 | 9.1 | - | 2026-03-20 |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning | SQLBot | CWE-862 | 8.8 | - | 2026-03-19 |
| CVE-2026-32140 | Dataease: Redshift JDBC RCE Bypass | dataease | CWE-22 | 8.0 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS | dataease | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-32137 | DataEase SQL Injection Vulnerability | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2025-15598 | Dataease SQLBot JWT Token auth.py validateEmbedded signature verification | SQLBot | CWE-347 | 3.7 | Low | 2026-03-03 |
| CVE-2025-15597 | Dataease SQLBot API Endpoint assistant.py access control | SQLBot | CWE-284 | 6.3 | Medium | 2026-03-02 |
| CVE-2026-23958 | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover | dataease | CWE-522 | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-69285 | SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability | SQLBot | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2025-64428 | DataEase DB2 JNDI Vulnerability | dataease | CWE-74 | 9.1 | - | 2025-11-20 |
| CVE-2025-64164 | DataEase is vulnerable to Oracle JNDI Injection | dataease | CWE-502 | 8.1 | - | 2025-11-06 |
| CVE-2025-64163 | DataEase's DB2 is vulnerable to SSRF | dataease | CWE-918 | 10.0 | - | 2025-11-05 |
| CVE-2025-62419 | DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration | dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-62420 | DataEase vulnerable to remote code execution via H2 JDBC driver bypass | dataease | CWE-502 | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62421 | DataEase vulnerable to stored cross-site scripting via file upload bypass | dataease | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62422 | DataEase SQL injection vulnerability | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-58748 | Dataease H2 data source JDBC URL validation bypass leads to remote code execution | dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58046 | Dataease has a JDBC attack vulnerability in the Impala datasource | dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |

This page lists every published CVE security advisory associated with dataease. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.