Vulnerabilities > Dataease > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-46985 | XXE vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 7.5 |
| 2023-09-01 | CVE-2023-40771 | SQL Injection vulnerability in Dataease 1.18.9 SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. | 7.5 |
| 2023-06-26 | CVE-2023-34463 | Missing Authorization vulnerability in Dataease DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. | 8.1 |
| 2023-06-01 | CVE-2023-32310 | Authorization Bypass Through User-Controlled Key vulnerability in Dataease DataEase is an open source data visualization and analysis tool. | 8.1 |
| 2023-02-15 | CVE-2021-38239 | SQL Injection vulnerability in Dataease SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. | 7.5 |
| 2022-02-08 | CVE-2022-23331 | Unspecified vulnerability in Dataease 1.6.1 In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. | 8.8 |