VYPR

Powerjob

by Powerjob

Source repositories

CVEs (14)

  • CVE-2026-5739HigApr 7, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The…

  • CVE-2025-14518MedDec 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument…

  • CVE-2026-5736HigApr 7, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of…

  • CVE-2023-29922Apr 19, 2023
    risk 0.07cvss epss 0.03

    PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.

  • CVE-2023-29923Apr 19, 2023
    risk 0.07cvss epss 0.10

    PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.

  • CVE-2023-37754Jul 28, 2023
    risk 0.05cvss epss 0.27

    PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.

  • CVE-2025-11581Oct 10, 2025
    risk 0.00cvss epss 0.00

    A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been…

  • CVE-2025-11580Oct 10, 2025
    risk 0.00cvss epss 0.01

    A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

  • CVE-2024-44546Nov 11, 2024
    risk 0.00cvss epss 0.00

    Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.

  • CVE-2023-36106Aug 17, 2023
    risk 0.00cvss epss 0.01

    An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.

  • CVE-2023-29924Apr 21, 2023
    risk 0.00cvss epss 0.01

    PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.

  • CVE-2023-29926Apr 20, 2023
    risk 0.00cvss epss 0.01

    PowerJob V4.3.2 has unauthorized interface that causes remote code execution.

  • CVE-2023-29921Apr 19, 2023
    risk 0.00cvss epss 0.01

    PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.

  • CVE-2020-28865Jun 16, 2022
    risk 0.00cvss epss 0.01

    An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.