52 matches found
EUVD-2026-44843
A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...
EUVD-2026-44844
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...
CVE-2026-26719
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...
CVE-2026-26718
A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...
CVE-2026-26719
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...
CVE-2026-26718
A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...
PT-2026-60330
Name of the Vulnerable Software and Affected Versions xxl-job-admin version 3.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web application. This occurs because a specific endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods through a permissive...
CVE-2026-26718
A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...
CVE-2026-26719
Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...
Resource Injection
Overview Affected versions of this package are vulnerable to Resource Injection via the logDetailCat function in the Execution Log Handler. An attacker can access unauthorized resources by obtaining a valid logId and sending requests directly to logDetailCat endpoint. Remediation Upgrade...
EUVD-2023-3060
Malicious code in bioql PyPI...
EUVD-2023-2867
Malicious code in bioql PyPI...
EUVD-2023-2894
Malicious code in bioql PyPI...
CVE-2023-48089
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution RCE via /xxl-job-admin/jobcode/save...
CVE-2023-48088
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting XSS via /xxl-job-admin/joblog/logDetailPage...
CVE-2023-48087
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat...
xxl-job-admin vulnerable to Cross Site Scripting
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting XSS via /xxl-job-admin/joblog/logDetailPage...
xxl-job-admin vulnerable to Remote Code Execution
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution RCE via /xxl-job-admin/jobcode/save...
xxl-job-admin vulnerable to Insecure Permissions
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat...
GHSA-3W8R-3JH9-89V9 xxl-job-admin vulnerable to Insecure Permissions
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat...