17 matches found
xxl-job has a Resource Injection issue
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
CVE-2026-7303
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
CVE-2026-7303
CVE-2026-7303 affects Xuxueli XXL-Job up to version 3.3.2, specifically the logDetailCat function in JobLogController.java (Execution Log Handler). Manipulating the logId argument can cause improper control of resource identifiers and may be exploitable remotely. Exploitability is described a...
EUVD-2026-26148
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
XXL-JOB Security Vulnerability
XXL-JOB is a distributed task scheduling platform developed by xuxueli. Versions of XXL-JOB 3.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from improper control of resource identifiers due to the parameter logId in the function logDetailCat of the Execution Log...
PT-2026-35824
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
EUVD-2026-4742
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...
PT-2026-5022
Name of the Vulnerable Software and Affected Versions: Squidex versions up to and including 7.21.0 Description: Squidex is an open source headless content management system and content management hub. Versions up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules...
EUVD-2019-13654
Malware in sbrugna...
CVE-2024-49849
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4),...
CVE-2024-43363 Remote code execution via Log Poisoning in Cacti
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 of the installation process is enough; there is no need to complete the steps before or after it) to...
SUSE-SU-2019:1122-1 Security update for hostinfo, supportutils
This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). -...
Information disclosure
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243...
CVE-2019-4047
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243...
CVE-2019-4047
IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243...
PT-2019-16861 · Ibm · Ibm Jazz Reporting Service
Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service (JRS) version 6.0.6 Description: The issue allows an authenticated user to access the execution log files as a guest user, potentially obtaining server execution information. Recommendations: For IBM Jazz Reporting...
Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2019-4047)
Summary: There is a security vulnerability in the Lifecycle Query Engine (LQE) shipped with Jazz Reporting Service. Vulnerability Details: CVEID: CVE-2019-4047 DESCRIPTION: IBM Jazz Reporting Service (JRS) could allow an authenticated user to access the execution log files as a guest user, and obtain t...