CVE-2025-7787 – Xuxueli xxl-job Server-Side Request Forgery (SSRF) Vulnerability

July 18, 2025

CVE ID : CVE-2025-7787

Published : July 18, 2025, 3:15 p.m. | 2 hours, 3 minutes ago

Description : A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file srcmainjavacomxxljobexecutorservicejobhandlerSampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53888 – RIOT-OS L2FILTER Add Buffer Overflow

Next Article CVE-2025-7788 – Xuxueli xxl-job OS Command Injection

Highlights

CVE-2025-2760 – GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

April 23, 2025

CVE ID : CVE-2025-2760

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-7787 – Xuxueli xxl-job Server-Side Request Forgery (SSRF) Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

Music AI Sandbox, now with new features and broader access

Eloquent Caching: Main Things You Need To Know

CVE-2025-4435 – TarFile Errorlevel Extraction Vulnerability

CVE-2025-2760 – GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability

CVE-2025-5484 – SinoTrack Default Password Vulnerability (Weak Authentication)

7 Code Editors You Can Use for Vibe Coding on Linux

CVE-2025-39412 – Averta Master Slider Unauthenticated Access Vulnerability

CVE-2025-7787 – Xuxueli xxl-job Server-Side Request Forgery (SSRF) Vulnerability

Related Posts