Product
dataease
71 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-40901
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar,
8.8
HIGH
CVE-2026-40900
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerabi
8.8
HIGH
CVE-2026-40899
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklis
6.5
MEDIUM
CVE-2026-33207
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerabi
8.8
HIGH
CVE-2026-33122
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerabi
9.8
CRITICAL
CVE-2026-33121
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerabi
8.8
HIGH
CVE-2026-33084
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerabi
8.8
HIGH
CVE-2026-33083
< 2.10.21
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerabi
8.8
HIGH
CVE-2026-33082
< 2.10.21
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in t
9.8
CRITICAL
CVE-2026-32939
< 2.10.20
DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between
8.1
HIGH
CVE-2026-32140
< 2.10.20
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker c
8.8
HIGH
CVE-2026-32139
< 2.10.20
Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface
5.4
MEDIUM
CVE-2026-32137
< 2.10.20
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewD
8.8
HIGH
CVE-2026-23958
< 2.10.19
Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s
9.8
CRITICAL
CVE-2025-64428
< 2.10.17
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blackli
9.8
CRITICAL
CVE-2025-64164
< 2.10.15
Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when
9.8
CRITICAL
CVE-2025-64163
< 2.10.15
DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter
9.8
CRITICAL
CVE-2025-62422
< 2.10.14
DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tab
8.8
HIGH
CVE-2025-62421
< 2.10.14
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulne
5.4
MEDIUM
CVE-2025-62420
< 2.10.14
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability
8.8
HIGH
CVE-2025-62419
< 2.10.14
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability
7.5
HIGH
CVE-2025-58748
< 2.10.13
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implem
9.8
CRITICAL
CVE-2025-58046
< 2.10.13
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data sour
9.8
CRITICAL
CVE-2025-58045
< 2.10.13
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to
9.8
CRITICAL
CVE-2025-57773
< 2.10.12
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are
9.8
CRITICAL
CVE-2025-57772
< 2.10.12
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE byp
9.8
CRITICAL
CVE-2025-53006
< 2.10.11
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Red
9.8
CRITICAL
CVE-2025-53005
< 2.10.11
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerab
9.8
CRITICAL
CVE-2025-53004
< 2.10.11
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerab
9.8
CRITICAL
CVE-2025-49003
< 2.10.11
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take ad
9.8
CRITICAL
CVE-2025-49002
< 2.10.10
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the
9.8
CRITICAL
CVE-2025-49001
<= 2.10.10
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does n
9.8
CRITICAL
CVE-2025-48999
< 2.10.10
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in version
8.8
HIGH
CVE-2025-48998
< 2.10.6
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for C
8.8
HIGH
CVE-2025-46566
< 2.10.9
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through t
9.8
CRITICAL
CVE-2025-32966
< 2.10.8
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.8, authenticated users can complete RCE through t
9.8
CRITICAL
CVE-2025-27138
< 2.10.6
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the auth
9.8
CRITICAL
CVE-2025-27103
< 2.10.6
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for
6.5
MEDIUM
CVE-2025-24974
< 2.10.6
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can rea
6.5
MEDIUM
CVE-2024-57707
all versions
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.
9.8
CRITICAL
CVE-2024-56511
< 2.10.4
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.data
9.8
CRITICAL
CVE-2024-55953
< 1.18.27
DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the backg
8.1
HIGH
CVE-2024-55952
< 1.18.27
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connect
8.8
HIGH
CVE-2024-52295
< 2.10.2
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over
9.8
CRITICAL
CVE-2024-47073
< 2.10.2
DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business
9.1
CRITICAL
CVE-2024-47074
< 1.18.25
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function c
9.8
CRITICAL
CVE-2024-46997
< 2.10.1
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execu
9.8
CRITICAL
CVE-2024-46985
< 2.10.1
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vu
7.5
HIGH
CVE-2024-31441
< 1.18.19
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the
7.5
HIGH
CVE-2024-30269
< 2.5.0
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability pri
5.3
MEDIUM
CVE-2024-23328
< 1.18.15
Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, wh
9.1
CRITICAL
CVE-2023-40183
< 1.18.11
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allow
7.5
HIGH
CVE-2023-40771
all versions
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string out
7.5
HIGH
CVE-2023-37258
< 1.18.9
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability t
8.8
HIGH
CVE-2023-37257
< 1.18.9
DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored
5.4
MEDIUM
CVE-2023-35164
< 1.18.8
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected ver
6.3
MEDIUM
CVE-2023-35168
< 1.18.8
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versio
6.5
MEDIUM
CVE-2023-34463
< 1.18.8
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected ver
8.1
HIGH
CVE-2023-33963
< 1.18.7
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists i
9.8
CRITICAL
CVE-2023-32310
< 1.18.7
DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system
8.1
HIGH
CVE-2023-28637
< 1.18.5
DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data so
8.0
HIGH
CVE-2023-28437
< 1.18.5
Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. Th
9.8
CRITICAL
CVE-2023-28435
< 1.18.5
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so u
6.5
MEDIUM
CVE-2023-25807
< 1.18.3
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can b
7.2
HIGH
CVE-2021-38239
< 1.2.0
SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /
7.5
HIGH
CVE-2022-39312
< 1.15.2
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Data
9.8
CRITICAL
CVE-2022-34115
all versions
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId.
9.8
CRITICAL
CVE-2022-34114
all versions
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
8.8
HIGH
CVE-2022-34113
all versions
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
9.8
CRITICAL
CVE-2022-34112
all versions
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plug
6.5
MEDIUM
CVE-2022-23331
all versions
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator pa
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin