14 matches found
CVE-2025-63690
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...
CVE-2025-63691
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...
CVE-2025-63691
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...
CVE-2025-63691
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...
CVE-2025-63690
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...
CVE-2025-63690
The vulnerability CVE-2025-63690 affects pig-mesh Pig versions 3.8.2 and earlier, in the Quartz management function under the system management module. The issue stems from allowing reflection to instantiate any Java class with a parameterless constructor and invoke methods with String parameters...
PT-2025-45451
Name of the Vulnerable Software and Affected Versions Pig-mesh In Pig versions 3.8.2 and below Description The token query interface '/api/admin/sys-token/page' within the Token Management function of the System Management module suffers from insufficient permission verification. Any authenticate...
CVE-2025-63690
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...
CVE-2025-63691
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...
pig 安全漏洞
pig is a privilege management system for pig-mesh open source. A security vulnerability exists in pig 3.8.2 and earlier versions, which originates in the Quartz management feature that can execute arbitrary Java classes via reflection, potentially leading to remote code execution...
PT-2025-45450
Name of the Vulnerable Software and Affected Versions pig-mesh versions 3.8.2 and below Description The software contains a flaw that allows for remote code execution. Specifically, when configuring scheduled tasks within the Quartz management function, located in the system management module, it...
CVE-2025-63690
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...
CVE-2025-63691
In pig-mesh Pig 3.8.2 and earlier, the /api/admin/sys-token/page token query endpoint in the Token Management function (System Management) has improper permission checks, enabling information leakage. Any authenticated user can call this endpoint and retrieve plaintext authentication Tokens for a...
CVE-2025-63691
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...