PowerJob V4.3.1 - Authentication Bypass

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. id: CVE-2023-29922 info: name: PowerJob V4.3.1 - Authentication Bypass author: Co5mos severity: medium description: | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save...

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

CVE-2026-5736

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

EUVD-2026-19896

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

GHSA-WPWF-V25W-54G3 PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

PowerJob's GroovyEvaluator.evaluate endpoint vulnerable to code injection

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

GHSA-4FP2-3XGG-JG4W PowerJob vulnerable to SQL injection

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

PowerJob vulnerable to SQL injection

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

EUVD-2026-19893

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

CVE-2026-5739

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the customQuery argument in the detailPlus endpoint. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation There is no fixed version for tech.powerjob:powerjob-server-starter...

tech.powerjob:powerjob-server-starter (>=4.3.1 <=5.1.1) potentially affected by CVE-2026-5739 via tech.powerjob:powerjob-server-core (>=4.3.1 <=5.1.1)

tech.powerjob:powerjob-server-core MAVEN version =4.3.1, =4.3.1, =5.1.1 Source cves: CVE-2026-5739 Source advisory: SNYK:JAVA-TECHPOWERJOB-15928844...

Arbitrary Code Injection

Overview tech.powerjob:powerjob-server-core is an enterprise job scheduling middleware with distributed computing ability Affected versions of this package are vulnerable to Arbitrary Code Injection via the GroovyEvaluator.evaluate function in the /openApi/addWorkflowNode endpoint when processing...

CVE-2026-5736

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

CVE-2026-5739 PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

CVE-2026-5739

PowerJob versions 5.1.0/5.1.1/5.1.2 contain a code injection vulnerability in the OpenAPI Endpoint’s GroovyEvaluator.evaluate function (file /openApi/addWorkflowNode). Manipulating the argument nodeParams allows remote code execution. The issue is confirmed in multiple sources (CVE-2026-5739 and ...

CVE-2026-5739

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

CVE-2026-5739 PowerJob OpenAPI Endpoint addWorkflowNode GroovyEvaluator.evaluate code injection

A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The attack can be execute...

CVE-2026-5736

CVE-2026-5736 affects PowerJob 5.1.0/5.1.1/5.1.2. The vulnerability resides in the detailPlus Endpoint component (InstanceController.java under powerjob-server/powerjob-server-starter) where manipulating the argument customQuery leads to SQL injection. This allows remote exploitation and could im...

CVE-2026-5736 PowerJob detailPlus Endpoint InstanceController.java sql injection

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...