Powerjob
Products
1- 14 CVEs
Recent CVEs
14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5739 | Hig | 0.47 | 7.3 | 0.00 | Apr 7, 2026 | A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The… | ||
| CVE-2025-14518 | Med | 0.41 | 6.3 | 0.00 | Dec 11, 2025 | A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument… | ||
| CVE-2026-5736 | Hig | 0.40 | 7.3 | 0.00 | Apr 7, 2026 | A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of… | ||
| CVE-2023-29922 | 0.07 | — | 0.03 | Apr 19, 2023 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | |||
| CVE-2023-29923 | 0.07 | — | 0.10 | Apr 19, 2023 | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | |||
| CVE-2023-37754 | 0.05 | — | 0.27 | Jul 28, 2023 | PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. | |||
| CVE-2025-11581 | 0.00 | — | 0.00 | Oct 10, 2025 | A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been… | |||
| CVE-2025-11580 | 0.00 | — | 0.01 | Oct 10, 2025 | A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||
| CVE-2024-44546 | 0.00 | — | 0.00 | Nov 11, 2024 | Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. | |||
| CVE-2023-36106 | 0.00 | — | 0.01 | Aug 17, 2023 | An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. | |||
| CVE-2023-29924 | 0.00 | — | 0.01 | Apr 21, 2023 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | |||
| CVE-2023-29926 | 0.00 | — | 0.01 | Apr 20, 2023 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution. | |||
| CVE-2023-29921 | 0.00 | — | 0.01 | Apr 19, 2023 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. | |||
| CVE-2020-28865 | 0.00 | — | 0.01 | Jun 16, 2022 | An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. |
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.evaluate of the file /openApi/addWorkflowNode of the component OpenAPI Endpoint. The manipulation of the argument nodeParams results in code injection. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument…
- risk 0.40cvss 7.3epss 0.00
A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of…
- CVE-2023-29922Apr 19, 2023risk 0.07cvss —epss 0.03
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.
- CVE-2023-29923Apr 19, 2023risk 0.07cvss —epss 0.10
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
- CVE-2023-37754Jul 28, 2023risk 0.05cvss —epss 0.27
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.
- CVE-2025-11581Oct 10, 2025risk 0.00cvss —epss 0.00
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been…
- CVE-2025-11580Oct 10, 2025risk 0.00cvss —epss 0.01
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
- CVE-2024-44546Nov 11, 2024risk 0.00cvss —epss 0.00
Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.
- CVE-2023-36106Aug 17, 2023risk 0.00cvss —epss 0.01
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
- CVE-2023-29924Apr 21, 2023risk 0.00cvss —epss 0.01
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.
- CVE-2023-29926Apr 20, 2023risk 0.00cvss —epss 0.01
PowerJob V4.3.2 has unauthorized interface that causes remote code execution.
- CVE-2023-29921Apr 19, 2023risk 0.00cvss —epss 0.01
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
- CVE-2020-28865Jun 16, 2022risk 0.00cvss —epss 0.01
An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.