EUVD-2026-10236

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

EUVD-2025-25408

Malicious code in bioql PyPI...

CVE-2025-9264 Xuxueli xxl-job Jobs JobInfoController.java remove resource injection

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

CVE-2025-9264

The CVE-2025-9264 issue affects Xuxueli xxl-job (up to version 3.1.1). It specifically concerns the remove function in /src/main/java/com/xxl/job/admin/controller/JobInfoController.java within the Jobs Handler component. The root cause is manipulation of the ID argument, resulting in improper con...

PT-2025-34169 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-job versions up to 3.1.1 Description: A vulnerability exists in Xuxueli xxl-job. The issue affects the remove function within the /src/main/java/com/xxl/job/admin/controller/JobInfoController.java file of the Jobs Handler componen...

Server-Side Request Forgery (SSRF)

xxl-job is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is caused due to improper validation of user-supplied input within JobInfoController.java. This allows an attacker to supply a malicious address, potentially leading to Server-Side Request Forgery SSRF...