All 8 CVE vulnerabilities found in xxl-job, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3733 | xuxueli xxl-job JobInfoController.java server-side request forgery CWE-918 | 6.3 | Medium | 2026-03-08 |
| CVE-2025-9264 | Xuxueli xxl-job Jobs JobInfoController.java remove resource injection CWE-99 | 5.4 | Medium | 2025-08-20 |
| CVE-2025-9263 | Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection CWE-99 | 4.3 | Medium | 2025-08-20 |
| CVE-2025-7789 | Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash CWE-916 | 3.7 | Low | 2025-07-18 |
| CVE-2025-7788 | Xuxueli xxl-job SampleXxlJob.java commandJobHandler os command injection CWE-78 | 6.3 | Medium | 2025-07-18 |
| CVE-2025-7787 | Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery CWE-918 | 6.3 | Medium | 2025-07-18 |
| CVE-2024-3366 | Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection CWE-74 | 3.5 | Low | 2024-04-06 |
| CVE-2023-0674 | XXL-JOB New Password updatePwd cross-site request forgery CWE-352 | 4.3 | Medium | 2023-02-04 |
All 8 known CVE vulnerabilities affecting xxl-job with full Chinese analysis, references, and POCs where available.