Lucene search
K

15 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.12 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:8 p.m.35 views

CVE-2026-34099 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS0.00459EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:8 p.m.6 views

EUVD-2026-41056

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54735

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/09 1:59 p.m.6 views

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

6.5CVSS5.5AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/03/08 11:15 a.m.6 views

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

6.5CVSS0.00214EPSS
Exploits0References6
OSV
OSV
added 2026/03/08 11:2 a.m.7 views

CVE-2026-3733 xuxueli xxl-job JobInfoController.java server-side request forgery

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

5.3CVSS6.2AI score0.00214EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/08 11:2 a.m.5 views

CVE-2026-3733

A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. The explo...

6.5CVSS5.5AI score0.00214EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/08 11:2 a.m.17 views

CVE-2026-3733

CVE-2026-3733 affects xuxueli xxl-job up to 3.3.2. The vulnerability resides in an unspecified function within JobInfoController.java and enables server-side request forgery. The issue appears exploitable remotely, and public exploit code is available. Documentation describes an access control st...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/08 12:0 a.m.5 views

XXL-JOB 代码问题漏洞

XXL-JOB is a distributed task scheduling platform developed by Xuxueli. Versions of xxl-job 3.3.2 and earlier have code vulnerabilities. These vulnerabilities stem from operations on unknown functions in the JobInfoController.java file, which may lead to server-side request forgery attacks...

6.5CVSS6.7AI score0.00214EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/08/23 12:23 a.m.6 views

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

5.5CVSS7.3AI score0.00314EPSS
Exploits1References1
OSV
OSV
added 2025/08/21 12:30 a.m.4 views

GHSA-GJX6-H8HM-C9RQ xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...

5.4CVSS5.6AI score0.00314EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2022/07/27 2:26 p.m.43 views

CVE-2022-36910

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...

5.4CVSS2.6AI score0.00434EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2019/03/14 3:40 p.m.38 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...

5.4CVSS2AI score0.05046EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder