12 matches found
CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 is affected by a Cross-Site Request Forgery vulnerability that allows attackers to perform state-changing actions without token validation. By tricking an administrator into visiting a malicious page, an attacker can target endpoints such as job.jobenforcedelete to...
CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...
PT-2026-21334
Name of the Vulnerable Software and Affected Versions Ray versions 2.53.0 and below Description Ray’s dashboard HTTP server does not adequately protect DELETE requests, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable, a web page using DNS rebinding or...
Duplicate
This advisory duplicates another...
WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability
Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...
EUVD-2022-6405
Malicious code in bioql PyPI...
EUVD-2024-51596
Malicious code in bioql PyPI...
PT-2025-38253
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description The /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. An unauthenticated adversary with network access to a Manager web UI can create, delete, and...
CVE-2022-34815
A cross-site request forgery CSRF vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...
CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...
CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...
UBUNTU-CVE-2014-1740
Multiple use-after-free vulnerabilities in net/websockets/websocketjob.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion...