Lucene search
K

27 matches found

NVD
NVD
added 2026/04/28 10:16 p.m.16 views

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS0.00327EPSS
Exploits0References6
NVD
NVD
added 2026/04/28 10:16 p.m.7 views

CVE-2026-7305

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

6.5CVSS0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/28 7:0 p.m.12 views

EUVD-2026-26148

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS4.3AI score0.00418EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/08 12:0 a.m.7 views

PT-2026-23938

Name of the Vulnerable Software and Affected Versions xuxueli xxl-job versions up to 3.3.2 Description A server-side request forgery condition exists in xuxueli xxl-job. The issue is located in the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java, affecting an...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-5996

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00496EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/08/23 12:23 a.m.6 views

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

5.5CVSS7.3AI score0.00314EPSS
Exploits1References1
CVE
CVE
added 2025/08/20 11:32 p.m.32 views

CVE-2025-9264

The CVE-2025-9264 issue affects Xuxueli xxl-job (up to version 3.1.1). It specifically concerns the remove function in /src/main/java/com/xxl/job/admin/controller/JobInfoController.java within the Jobs Handler component. The root cause is manipulation of the ID argument, resulting in improper con...

5.5CVSS5.6AI score0.00314EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/07/18 4:15 p.m.6 views

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with...

6.3CVSS6AI score
Exploits0References4
CVE
CVE
added 2025/07/18 3:2 p.m.24 views

CVE-2025-7788

CVE-2025-7788 affects Xuxueli xxl-job up to 3.1.1. The vulnerable component is the commandJobHandler function in SampleXxlJob.java, enabling OS command injection with remote access. Exploit-public disclosures exist. Remediation: upgrade to a version beyond 3.1.1 and, as a workaround, restrict acc...

8.8CVSS7.2AI score0.05421EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.4 views

XXL-JOB 代码问题漏洞

XXL-JOB is a distributed task scheduling platform developed by Xuxueli. A code issue vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from a server-side request forgery attack due to misuse of the httpJobHandler function...

8.8CVSS6.5AI score0.00411EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.5 views

PT-2025-30048 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1 Description: A flaw exists within the makeToken function located in src/main/java/com/xxl/job/admin/controller/IndexController.java of the Token Generation component. This issue involves password hashing with...

6.3CVSS4.1AI score0.0028EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.5 views

PT-2025-30044 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1 Description: A critical issue exists in xxl-job. The httpJobHandler function within the srcmainjavacomxxljobexecutorservicejobhandlerSampleXxlJob.java file is susceptible to server-side request forgery SSRF. This...

6.5CVSS6.4AI score0.00411EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.4 views

XXL-JOB 安全漏洞

XXL-JOB is a distributed task scheduling platform by the individual developer Xu Xueli xuxueli. A security vulnerability exists in XXL-JOB 3.1.1 and earlier versions, which stems from an insufficient password hash calculation in the Token generation component...

6.3CVSS4.7AI score0.0028EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/07/18 12:0 a.m.7 views

PT-2025-30047 · Xuxueli · Xxl-Job

Name of the Vulnerable Software and Affected Versions: xxl-job versions up to 3.1.1 Description: A critical issue exists in Xuxueli xxl-job. The commandJobHandler function within the srcmainjavacomxxljobexecutorservicejobhandlerSampleXxlJob.java file is susceptible to OS command injection. This...

6.5CVSS6.8AI score0.05421EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 9:38 a.m.16 views

CVE-2024-24113

xxl-job = 2.4.1 has a Server-Side Request Forgery SSRF vulnerability, which causes low-privileged users to control executor to RCE...

8.8CVSS6.8AI score0.00565EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:53 a.m.6 views

CVE-2023-33779

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/...

8.8CVSS7.8AI score0.01128EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.5 views

CVE-2022-43183

XXL-Job before v2.3.1 contains a Server-Side Request Forgery SSRF via the component /admin/controller/JobLogController.java...

8.8CVSS6.9AI score0.01602EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.6 views

CVE-2022-29770

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting XSS vulnerability via /xxl-job-admin/jobinfo...

5.4CVSS5.9AI score0.00496EPSS
Exploits1References1
NVD
NVD
added 2024/02/08 1:15 p.m.27 views

CVE-2024-24113

xxl-job = 2.4.1 has a Server-Side Request Forgery SSRF vulnerability, which causes low-privileged users to control executor to RCE...

8.8CVSS8.7AI score0.00565EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.4 views

XXL-JOB Code Issue Vulnerability

XXL-JOB is a distributed task scheduling platform based on the java language from the Xu Xue Li XXL-JOB community. A code issue vulnerability exists in xxl-job 2.4.1 and earlier versions, which stems from running a low-privilege user-controlled executor for RCE...

8.8CVSS7AI score0.00565EPSS
Exploits1References2
Rows per page
Query Builder