27 matches found
CVE-2026-7306
A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...
CVE-2026-7305
A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...
EUVD-2026-26148
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
PT-2026-23938
Name of the Vulnerable Software and Affected Versions xuxueli xxl-job versions up to 3.3.2 Description A server-side request forgery condition exists in xuxueli xxl-job. The issue is located in the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java, affecting an...
EUVD-2022-5996
Malicious code in bioql PyPI...
CVE-2025-9264
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...
CVE-2025-9264
The CVE-2025-9264 issue affects Xuxueli xxl-job (up to version 3.1.1). It specifically concerns the remove function in /src/main/java/com/xxl/job/admin/controller/JobInfoController.java within the Jobs Handler component. The root cause is manipulation of the ID argument, resulting in improper con...
CVE-2025-7789
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...
CVE-2025-7788
CVE-2025-7788 affects Xuxueli xxl-job up to 3.1.1. The vulnerable component is the commandJobHandler function in SampleXxlJob.java, enabling OS command injection with remote access. Exploit-public disclosures exist. Remediation: upgrade to a version beyond 3.1.1 and, as a workaround, restrict acc...
XXL-JOB 代码问题漏洞
XXL-JOB is a distributed task scheduling platform developed by Xuxueli. A code issue vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from a server-side request forgery attack due to misuse of the httpJobHandler function...
PT-2025-30048 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1 Description: A flaw exists within the makeToken function located in src/main/java/com/xxl/job/admin/controller/IndexController.java of the Token Generation component. This issue involves password hashing with...
PT-2025-30044 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1 Description: A critical issue exists in xxl-job. The httpJobHandler function within the srcmainjavacomxxljobexecutorservicejobhandlerSampleXxlJob.java file is susceptible to server-side request forgery SSRF. This...
XXL-JOB 安全漏洞
XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A security vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from an insufficient password hash calculation in the Token generation component...
PT-2025-30047 · Xuxueli · Xxl-Job
Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1 Description: A critical issue exists in Xuxueli xxl-job. The commandJobHandler function within the srcmainjavacomxxljobexecutorservicejobhandlerSampleXxlJob.java file is susceptible to OS command injection. This...
CVE-2024-24113
xxl-job = 2.4.1 has a Server-Side Request Forgery SSRF vulnerability, which causes low-privileged users to control executor to RCE...
CVE-2023-33779
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/...
CVE-2022-43183
XXL-Job before v2.3.1 contains a Server-Side Request Forgery SSRF via the component /admin/controller/JobLogController.java...
CVE-2022-29770
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting XSS vulnerability via /xxl-job-admin/jobinfo...
CVE-2024-24113
xxl-job = 2.4.1 has a Server-Side Request Forgery SSRF vulnerability, which causes low-privileged users to control executor to RCE...
XXL-JOB Code Issue Vulnerability
XXL-JOB is a distributed task scheduling platform based on the java language from the Xu Xue Li XXL-JOB community. A code issue vulnerability exists in xxl-job 2.4.1 and earlier versions, which stems from running a low-privilege user-controlled executor for RCE...