2 matches found
CVE-2025-63691
In pig-mesh Pig 3.8.2 and earlier, the /api/admin/sys-token/page token query endpoint in the Token Management function (System Management) has improper permission checks, enabling information leakage. Any authenticated user can call this endpoint and retrieve plaintext authentication Tokens for a...
CVE-2025-63690
The vulnerability CVE-2025-63690 affects pig-mesh Pig versions 3.8.2 and earlier, in the Quartz management function under the system management module. The issue stems from allowing reflection to instantiate any Java class with a parameterless constructor and invoke methods with String parameters...