CVE-2026-33083 | DataEase up to 2.10.20 enumValueDs Order2SQLObj sql injection (GHSA-f443-95cf-m837)

Inserito da Angelo Barbosa | Apr 16, 2026 | CVE

A vulnerability marked as critical has been reported in DataEase up to 2.10.20. This impacts the function Order2SQLObj of the file /de2api/datasetData/enumValueDs. This manipulation causes sql injection.

The identification of this vulnerability is CVE-2026-33083. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2026-33083 | DataEase up to 2.10.20 enumValueDs Order2SQLObj sql injection (GHSA-f443-95cf-m837)

Post correlati

CVE-2025-49590 | CryptPad 1.1.1/3.0.0 Link Bouncer incomplete denylist to cross-site scripting (GHSA-vq9h-x3gr-v8rj)

CVE-2024-52544 | Lorex 2K Indoor Wi-Fi Security Camera prior 2.800.0000000.8.R.20241111 Service TCP Port 3500 out-of-bounds write

CVE-2023-42801 | moonlight-stream moonlight-common-c GameStream Client buffer overflow (GHSA-f3h8-j898-5h5v)

CVE-2024-57637 | openlink virtuoso-opensource 7.2.11 SQL dfe_unit_gb_dependant denial of service (Issue 1192)