Skip to main content

Onlinejudge

2 CVEs product

Monthly

CVE-2026-5538 MEDIUM This Month

Server-side request forgery (SSRF) in QingdaoU OnlineJudge up to version 1.6.1 allows authenticated remote attackers to perform arbitrary HTTP requests via the judge_server_heartbeat endpoint's service_url parameter, enabling potential exfiltration of internal data, interaction with internal services, or lateral movement within the target network. The vendor has not responded to disclosure attempts, and no official patch has been released.

SSRF Onlinejudge
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-16367 CRITICAL POC Act Now

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onlinejudge
NVD GitHub
CVSS 3.0
9.9
EPSS
2.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Server-side request forgery (SSRF) in QingdaoU OnlineJudge up to version 1.6.1 allows authenticated remote attackers to perform arbitrary HTTP requests via the judge_server_heartbeat endpoint's service_url parameter, enabling potential exfiltration of internal data, interaction with internal services, or lateral movement within the target network. The vendor has not responded to disclosure attempts, and no official patch has been released.

SSRF Onlinejudge
NVD VulDB GitHub
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onlinejudge
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy