Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

dataease — Vulnerabilities & Security Advisories 64

All 64 CVE vulnerabilities found in dataease, with AI-generated Chinese analysis, references, and POCs.

This page presents a comprehensive vulnerability aggregation report for DataEase, focusing on security weaknesses identified within the data visualization and analytics platform. The collection aggregates data from multiple trusted sources, including vendor advisories, public databases, and community disclosures, ensuring a broad and accurate view of the product's security landscape. The entries span a historical period starting from the early development phases of the software through to the most recent updates, covering both legacy and modern versions to provide context for ongoing maintenance and upgrade decisions. By reviewing this data, users can effectively track DataEase’s advisory history to stay informed about patches and mitigation strategies released by the developers. It also allows security professionals to understand specific weakness classes that frequently affect the application, helping them prioritize testing and hardening efforts based on actual exposure rather than theoretical risks. Furthermore, this resource serves as a lookup tool for the product’s vulnerability history, enabling teams to assess the impact of specific flaws on their environments and verify whether their current deployment is affected. The content is structured to facilitate quick analysis of trends, such as the frequency of issues in authentication, data access, or system integration components. This plain text overview supports informed decision-making for IT administrators and security analysts who need to maintain the integrity and confidentiality of their DataEase installations without wading through unstructured or redundant information.

Vendor: dataease

CVE IDTitleCVSSSeverityPublished
CVE-2026-8724 Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.transFilter sql injection CWE-89 4.7 Medium2026-05-17
CVE-2026-40901 DataEase: Quartz Deserialization → Remote Code Execution CWE-502 8.8AIHighAI2026-04-16
CVE-2026-40900 DataEase has SQL Injection via Stacked Queries CWE-89 8.8AIHighAI2026-04-16
CVE-2026-40899 DataEase has an Arbitrary File Read Vulnerability CWE-183 8.3AIHighAI2026-04-16
CVE-2026-33207 DataEase SQL Injection Vulnerability CWE-89 9.8AICriticalAI2026-04-16
CVE-2026-33122 DataEase has SQL Injection via Datasource Management CWE-89 8.8AIHighAI2026-04-16
CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow CWE-89 8.1AIHighAI2026-04-16
CVE-2026-33084 DataEase has SQL Injection through its getFieldEnumObj Endpoint CWE-89 7.5AIHighAI2026-04-16
CVE-2026-33083 DataEase has SQL Injection in Order By Clause CWE-89 8.8AIHighAI2026-04-16
CVE-2026-33082 DataEase: SQL Injection in v2 Dataset Export CWE-89 9.8AICriticalAI2026-04-16
CVE-2026-32939 DataEase is Vulnerable to H2 JDBC RCE Bypass CWE-178 9.1 -2026-03-20
CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass CWE-22 8.0AIHighAI2026-03-12
CVE-2026-32139 Dataease: Unfiltered active SVG content leads to Stored XSS CWE-79 5.4AIMediumAI2026-03-12
CVE-2026-32137 DataEase SQL Injection Vulnerability CWE-89 9.8AICriticalAI2026-03-12
CVE-2026-23958 DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover CWE-522 9.8AICriticalAI2026-01-22
CVE-2025-64428 DataEase DB2 JNDI Vulnerability CWE-74 9.1 -2025-11-20
CVE-2025-64164 DataEase is vulnerable to Oracle JNDI Injection CWE-502 8.1 -2025-11-06
CVE-2025-64163 DataEase's DB2 is vulnerable to SSRF CWE-918 10.0 -2025-11-05
CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration CWE-502 9.8AICriticalAI2025-10-17
CVE-2025-62420 DataEase vulnerable to remote code execution via H2 JDBC driver bypass CWE-502 8.1AIHighAI2025-10-17
CVE-2025-62421 DataEase vulnerable to stored cross-site scripting via file upload bypass CWE-79 5.4AIMediumAI2025-10-17
CVE-2025-62422 DataEase SQL injection vulnerability CWE-89 9.8AICriticalAI2025-10-17
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution CWE-502 9.8AICriticalAI2025-09-15
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource CWE-502 9.8AICriticalAI2025-09-15
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter CWE-918 9.8AICriticalAI2025-09-15
CVE-2025-57772 Dataease H2 JDBC RCE Bypass CWE-94 9.1AICriticalAI2025-08-25
CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability CWE-502 8.8AIHighAI2025-08-25
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability CWE-153 9.1AICriticalAI2025-07-02
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability CWE-153 8.8AIHighAI2025-07-01
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability CWE-153 8.8AIHighAI2025-06-30

All 64 known CVE vulnerabilities affecting dataease with full Chinese analysis, references, and POCs where available.