25 matches found
CVE-2026-48592 Missing authorization check on save-job event handler in oban_web
Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
EUVD-2026-14341
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
Ruoyi 代码注入漏洞
Ruoyi is a backend management system developed by the RuoYi developer. Versions of RuoYi 4.8.2 and earlier had a code injection vulnerability. This vulnerability stemmed from improper handling of the invokeTarget parameter in the Quartz Job Handler component located in the file /monitor/job/...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
PT-2026-27036
Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.2 Description A security issue exists in yangzongzhuan RuoYi, specifically within the Quartz Job Handler component. The issue involves code injection stemming from manipulation of the invokeTarget argumen...
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
EUVD-2025-197730
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250 WeiYe-Jing datax-web Job triggerJob access control
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250 WeiYe-Jing datax-web Job triggerJob access control
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
PT-2025-47086
Name of the Vulnerable Software and Affected Versions WeiYe-Jing datax-web versions up to 2.1.2 Description A flaw exists in the Job Handler component of WeiYe-Jing datax-web, specifically within the remove, update, pause, start, and triggerJob functions. This issue results in improper access...
DataX-Web 访问控制错误漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. An access control error vulnerability exists in DataX-Web 2.1.2 and earlier versions, which stems from incorrect operation of the function remove/update/pause/start/triggerJob in the...
CVE-2025-12305
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...
CVE-2025-12305
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...
CVE-2025-12305
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...
CVE-2025-12305 quequnlong shiyi-blog Job SysJobController.java deserialization
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...
CVE-2025-12305
The CVE-2025-12305 issue affects quequnlong shiyi-blog up to version 1.2.1, specifically the Job Handler component and the SysJobController.java file. The vulnerability is a deserialization flaw that can be triggered remotely, with an exploit publicly available. Affected software: quequnlong shiy...