CVE-2025-8775 Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

CVE-2025-8775

The CVE-2025-8775 affects Qiyuesuo Eelectronic Signature Platform versions up to 4.34. The vulnerability is in the execute function of /api/code/upload within the Scheduled Task Handler; manipulating the File argument enables unrestricted file uploads and could be exploited remotely. The exploit ...

CVE-2025-8775 Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

PT-2025-32456 · Unknown · Qiyuesuo Eelectronic Signature Platform

Name of the Vulnerable Software and Affected Versions: Qiyuesuo Eelectronic Signature Platform versions up to 4.34 Description: A critical issue exists in Qiyuesuo Eelectronic Signature Platform, potentially allowing for unrestricted file uploads. The execute function within the /api/code/upload...

CVE-2024-6252

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The...

CVE-2022-4322

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

CVE-2021-4257

A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The...

CVE-2025-3816

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-3816 westboy CicadasCMS Scheduled Task save os command injection

A vulnerability classified as critical was found in westboy CicadasCMS 2.0. This vulnerability affects unknown code of the file /system/schedule/save of the component Scheduled Task Handler. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been...

PT-2025-17386 · Westboy · Cicadascms

Name of the Vulnerable Software and Affected Versions: westboy CicadasCMS version 2.0 Description: A critical issue was found in the Scheduled Task Handler component, specifically affecting the /system/schedule/save file. This issue leads to os command injection and can be initiated remotely. The...

CVE-2024-6252

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The...

CVE-2024-6252

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The...

CVE-2024-6252

Zorlan SkyCaiji

CVE-2024-6252 Zorlan SkyCaiji Task cross site scripting

A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The...

PT-2024-37484 · Unknown · Zorlan Skycaiji

Name of the Vulnerable Software and Affected Versions: Zorlan SkyCaiji versions up to 2.8 Description: A vulnerability has been found in the Task Handler component of Zorlan SkyCaiji, allowing for cross-site scripting XSS attacks. The manipulation of the onerror argument leads to this issue. The...

Improper Preservation Of Permissions

Apache Airflow is vulnerable to Improper Preservation of Permissions. This vulnerability is caused due to Airflow's local file task handler incorrectly setting permissions for parent folders of the log folder, potentially granting unintended group write access...

Apache Airflow Security Bypass Vulnerability (CNVD-2024-26538)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions 2.8.2 through 2.8...

GHSA-CFF3-5QRP-HQX7 Apache Airflow Improper Preservation of Permissions vulnerability

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

CVE-2024-29735 Apache Airflow: Potentially harmful permission changing by log task handler

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

CVE-2024-29735

CVE-2024-29735 affects Apache Airflow (versions 2.8.2–2.8.3) due to the local file task handler incorrectly setting permissions on parent folders of the log directory, potentially granting group write access. The issue can impact log storage paths, and, if the home directory becomes group-writabl...