Aggregates CVE and security vulnerability intelligence across all powerjob-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection and vendor risk ssrf; exposure may include vendor impact data exposure in vendor surface production workloads and vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-14518 | A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | [email protected] | 2.1 | 0.31% | 2025-12-11 | 2026-06-17 |
| CVE-2025-11581 | A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | [email protected] | 5.5 | 0.42% | 2025-10-10 | 2026-06-17 |
| CVE-2025-11580 | A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | [email protected] | 5.5 | 1.03% | 2025-10-10 | 2026-06-17 |
| CVE-2024-44546 | Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. | [email protected] | 9.8 | 0.41% | 2024-11-11 | 2026-06-17 |
| CVE-2023-36106 | An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. | [email protected] | 7.5 | 0.69% | 2023-08-17 | 2026-06-17 |
| CVE-2023-37754 | PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. | [email protected] | 9.8 | 26.89% | 2023-07-28 | 2026-06-17 |
| CVE-2023-29924 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | [email protected] | 9.8 | 1.08% | 2023-04-21 | 2026-06-17 |
| CVE-2023-29926 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution. | [email protected] | 9.8 | 1.17% | 2023-04-20 | 2026-06-17 |
| CVE-2023-29922 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | [email protected] | 5.3 | 3.00% | 2023-04-19 | 2026-06-17 |
| CVE-2023-29923 | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. | [email protected] | 5.3 | 9.54% | 2023-04-19 | 2026-06-17 |
| CVE-2023-29921 | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. | [email protected] | 5.3 | 0.53% | 2023-04-19 | 2026-06-17 |
| CVE-2020-28865 | An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | [email protected] | 7.5 | 0.73% | 2022-06-16 | 2026-06-16 |