
28 matches found

NVD
added 2026/06/21 2:16 p.m. · 16 views

CVE-2026-56229

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can...

7.1 CVSS · 0.00221 EPSS
Exploits: 0 · References: 2

Cvelist
added 2026/06/21 1:26 p.m. · 30 views

CVE-2026-56316 Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

6.9 CVSS · 0.00241 EPSS
Exploits: 0 · References: 2

Cvelist
added 2026/06/21 1:26 p.m. · 29 views

CVE-2026-56229 Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can...

7.1 CVSS · 0.00221 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2026/06/21 1:26 p.m. · 4 views

CVE-2026-56229

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can...

7.1 CVSS · 5.9 AI score · 0.00221 EPSS
Exploits: 0 · References: 3

EUVD
added 2026/06/21 1:26 p.m. · 7 views

EUVD-2026-38164

Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched app_id and job_id combination. Limited API keys restricted to a single app can...

7.1 CVSS · 5.9 AI score · 0.00221 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2026/06/21 12:00 a.m. · 10 views

PT-2026-51226

Name of the Vulnerable Software and Affected Versions: Cap-go versions prior to 12.128.2. Description: An information disclosure issue exists in the 'OPTIONS /build/upload/:jobId/' endpoint. Unauthenticated attackers can enumerate valid builder job IDs by observing response discrepancies. This allow...

6.9 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits: 0 · References: 7

NVD
added 2026/03/04 6:16 p.m. · 8 views

CVE-2019-25499

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication,...

9.8 CVSS · 0.00453 EPSS
Exploits: 1 · References: 2

ATTACKERKB
added 2026/03/04 5:15 p.m. · 4 views

CVE-2019-25499

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication,...

8.8 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2026/03/04 5:15 p.m. · 9 views

CVE-2019-25499

CVE-2019-25499 describes an SQL injection in Simple Job Script via the job_id parameter passed to get_job_applications_ajax.php. Unauthenticated attackers can manipulate queries, potentially bypass authentication and extract or modify data. Red Hat and other sources corroborate the issue, with ex...

9.8 CVSS · 6.1 AI score · 0.00453 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2026/03/04 12:00 a.m. · 5 views

Simplejobscript SQL Injection Vulnerability

Simplejobscript is a free worksheet software developed by Niteosoft. Simplejobscript has a SQL injection vulnerability. This vulnerability stems from the SQL injection in the job_id parameter, which could allow unverified attackers to manipulate database queries, extract sensitive data, or modify...

9.8 CVSS · 5.8 AI score · 0.00453 EPSS
Exploits: 1 · References: 3

RedhatCVE
added 2025/10/28 12:28 a.m. · 13 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1 CVSS · 6.7 AI score · 0.00184 EPSS
Exploits: 0 · References: 1

OSV
added 2025/10/27 6:15 p.m. · 4 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1 CVSS · 6 AI score · 0.00184 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/10/27 12:00 a.m. · 5 views

PT-2025-43993

Name of the Vulnerable Software and Affected Versions: BAE SOCET GXP versions prior to 4.6.0.2. Description: An XSS issue exists in the SOCET GXP Job Status Service. The service does not properly sanitize the job ID parameter before using it in the job status page. An attacker may be able to execute...

6.1 CVSS · 6.4 AI score · 0.00184 EPSS
Exploits: 0 · References: 5

Cvelist
added 2025/10/27 12:00 a.m. · 6 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

0.00184 EPSS
Exploits: 0 · References: 2

CNNVD
added 2025/10/27 12:00 a.m. · 4 views

BAE Systems SOCET GXP Security Vulnerability

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP versions prior to 4.6.0.2, which stems from the Job Status Service not properly clearing the job ID parameter, which could lead...

6.1 CVSS · 5.8 AI score · 0.00184 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-24933

Malware in sbrugna...

9.8 CVSS · 9.4 AI score · 0.00943 EPSS
Exploits: 0 · References: 2

NVD
added 2025/10/01 5:15 p.m. · 6 views

CVE-2025-20366

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...

6.5 CVSS · 0.0041 EPSS
Exploits: 0 · References: 1

CVE
added 2024/08/16 1:59 a.m. · 36 views

CVE-2023-7049

CVE-2023-7049 affects the Custom Field For WP Job Manager WordPress plugin. It enables insecure direct object access via the cm_fieldshow shortcode, due to missing validation of the job_id parameter. All versions up to 1.2 are affected. Exploitation requires authenticated access at contributor le...

4.3 CVSS · 4.4 AI score · 0.00388 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/03/07 12:00 a.m. · 6 views

PT-2024-12915 · Unknown · Code-Projects.Org Online Job Portal

Name of the Vulnerable Software and Affected Versions: code-projects.org Online Job Portal version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/Employer/DeleteJob.php?JobId=1" API endpoint, specifically through the JobId variable. This allows for potential...

5.5 CVSS · 7.1 AI score · 0.00309 EPSS
Exploits: 0 · References: 3

CNNVD
added 2024/03/07 12:00 a.m. · 3 views

Online Job Portal Security Vulnerability

Online Job Portal is an online job portal for janobe individual developers. A security vulnerability exists in Online Job Portal that originates from an SQL injection attack via /Employer/DeleteJob.php?JobId=1...

5.5 CVSS · 7.9 AI score · 0.00309 EPSS
Exploits: 0 · References: 2