40 matches found
WeiYe-Jing datax-web <= 2.1.2 - OS Command Injection
A vulnerability, which was classified as critical, has been found in WeiYe-Jing datax-web 2.1.2. Affected by this issue is some unknown functionality of the file /api/log/killJob of the component HTTP POST Request Handler. The manipulation of the argument processId leads to os command injection...
CVE-2025-13251
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
EUVD-2025-197731
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-13251
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-13251
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-13251 WeiYe-Jing datax-web sql injection
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-13251 WeiYe-Jing datax-web sql injection
A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2025-13251
The CVE-2025-13251 entry concerns WeiYe-Jing datax-web up to 2.1.2, where an unknown function can be manipulated to cause SQL injection. Multiple sources (NVD, Red Hat RH:CVE-2025-13251, CNNVD-202511-1817, EUVD-2025-197731, osv) describe remote exploitation with published exploits. Impact is desc...
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250 WeiYe-Jing datax-web Job triggerJob access control
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-13250
The CVE-2025-13250 vulnerability affects WeiYe-Jing datax-web (up to 2.1.2), specifically the Job Handler’s remove, update, pause, start, and triggerJob functions. The described flaw causes improper access controls and can be exploited remotely; multiple sources confirm public exploitation vector...
PT-2025-47087
Name of the Vulnerable Software and Affected Versions WeiYe-Jing datax-web versions up to 2.1.2 Description A flaw exists in WeiYe-Jing datax-web that can lead to SQL injection. The issue is present in an unknown function and may be exploited remotely by executing manipulation. The exploit has be...
DataX-Web SQL注入漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's individual developers. A SQL injection vulnerability exists in DataX-Web 2.1.2 and earlier versions, which stems from a misbehavior of an unknown function and could lead to a SQL injection attack...
PT-2025-47086
Name of the Vulnerable Software and Affected Versions WeiYe-Jing datax-web versions up to 2.1.2 Description A flaw exists in the Job Handler component of WeiYe-Jing datax-web, specifically within the remove, update, pause, start, and triggerJob functions. This issue results in improper access...
DataX-Web 访问控制错误漏洞
DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's personal developer. An access control error vulnerability exists in DataX-Web 2.1.2 and earlier versions, which stems from incorrect operation of the function remove/update/pause/start/triggerJob in the...
EUVD-2022-49282
Malicious code in bioql PyPI...
EUVD-2024-50803
Malicious code in bioql PyPI...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...