CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

July 18, 2025

CVE ID : CVE-2025-7789

Published : July 18, 2025, 4:15 p.m. | 1 hour, 3 minutes ago

Description : A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7791 – PHPGurukul Online Security Guards Hiring System Cross-Site Scripting Vulnerability

Next Article CVE-2025-54079 – WeGIA SQL Injection Vulnerability

Highlights

CVE-2025-53936 – WeGIA Reflected Cross-Site Scripting (XSS)

July 16, 2025

CVE ID : CVE-2025-53936

Published : July 16, 2025, 4:15 p.m. | 2 hours, 28 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `nome_car` parameter. Version 3.4.5 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

I took a walk with Meta’s new Oakley smart glasses – they beat my Ray-Bans in every way

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Top 7 Computer Performance Test Tools Online (Free & Fast)

Top 7 Computer Performance Test Tools Online (Free & Fast)

10 Best Windows 11 Encryption Software

Google Chrome Is Testing Dynamic Country Detection for Region-Specific Features

CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Best GBA Emulators for PC to Download: Top Picks [2025]

Tailwind CSS vs Bootstrap: A Side-by-Side Comparison

CVE-2025-32818 impacts SonicOS SSLVPN

CVE-2025-20665 – Samsung Android SELinux Policy Missing Disclosure Vulnerability

CVE-2025-53936 – WeGIA Reflected Cross-Site Scripting (XSS)

I put my AirPods Max away within hours of testing these headphones

CVE-2025-6470 – Code-projects Online Bidding System SQL Injection Vulnerability

I found a mini PC that can be a powerful Windows alternative – and it’s not a Mac

CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

Related Posts