Lucene search
+L

10 matches found

Veracode
Veracode
added 2025/07/25 6:46 a.m.6 views

Server Side Request Forgery (SSRF)

com.xuxueli, xxl-job-core is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation in the httpJobHandler function of SampleXxlJob.java, which allows an attacker to send crafted requests to internal or external systems remotely...

8.8CVSS6.2AI score0.00411EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2025/07/18 3:31 p.m.15 views

cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +229 more potentially affected by CVE-2025-7787 via com.xuxueli:xxl-job-core (>=1.8.2 <=3.1.1)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2025-7787 Source advisory: OSV:GHSA-F8VW-8VGH-22R9...

8.8CVSS6.5AI score0.00411EPSS
Exploits1
Veracode
Veracode
added 2024/08/16 9:40 a.m.18 views

Insecure Permissions

com.xuxueli, xxl-job-core is vulnerable to Insecure Permissions. The vulnerability is due to improper access control and validation in the Sub-Task ID component. This allowing attackers to manipulate it to execute arbitrary code by crafting malicious input...

8.8CVSS7.6AI score0.00886EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2024/08/15 6:31 p.m.8 views

cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +185 more potentially affected by CVE-2024-42681 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.1)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.0.0, =1.6.0, =1.6.154 and more Source cves: CVE-2024-42681 Source advisory: OSV:GHSA-CPFP-M5QW-C4R3...

8.8CVSS5.7AI score0.00886EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/04/06 12:30 p.m.6 views

cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +171 more potentially affected by CVE-2024-3366 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.6.154 - cn.openjava:openjava-xxl-job-starter =2.0.0.1-alpha and more Source cves: CVE-2024-3366 Source advisory: OSV:GHSA-2V42-XP3J-47M4...

9.8CVSS5.7AI score0.00945EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/11/17 9:30 p.m.5 views

cn.allbs:allbs-bom (>=1.0.7 <=2.0.0), cn.allbs:allbs-xxl-job (>=1.0.6 <=2.0.1) +125 more potentially affected by CVE-2022-43183 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.3.1)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.0.RELEASE, =1.4.2.RELEASE and more Source cves: CVE-2022-43183 Source advisory: OSV:GHSA-83W4-X5W9-HF4H...

8.8CVSS7.6AI score0.01602EPSS
Exploits1
Veracode
Veracode
added 2022/10/03 3:38 a.m.21 views

Malicious Command Execution

xxl-job-core is vulnerable to malicious command execution. Lack of sanitization of new task in task management module of the background management allows an attacker to inject and execute malicious commands...

9.8CVSS9.2AI score0.01266EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/09/29 12:0 a.m.8 views

cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +53 more potentially affected by CVE-2022-40929 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.7.1 - com.gitee.zodiacstack:zodiac-xxljob-spring-boot-starter =1.5.16 - com.github.hiwepy:xxljob-spring-boot-starter =1.0.0.RELEASE -...

9.8CVSS7.8AI score0.01266EPSS
Exploits1
Veracode
Veracode
added 2022/05/24 6:45 a.m.42 views

Cross-Site Request Forgery (CSRF)

XXL Job Core is vulnerable to cross-site request forgery. The vulnerability exists in xxl-job-admin component due to less restrictions of user permissions which allows an attacker to perform unauthorized actions...

8.8CVSS8.1AI score0.00456EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2021/10/12 4:41 p.m.9 views

cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +53 more potentially affected by CVE-2020-29204 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.7.1 - com.gitee.zodiacstack:zodiac-xxljob-spring-boot-starter =1.5.16 - com.github.hiwepy:xxljob-spring-boot-starter =1.0.0.RELEASE -...

6.1CVSS6.3AI score0.00882EPSS
Exploits1
Rows per page
Query Builder