Lucene search
+L

7490 matches found

cve
cve
added yesterday5 views

CVE-2026-61718

Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...

5.4CVSS6.1AI score
Exploits0References3
nuclei
nuclei
added yesterday16 views

Complete Online Job Search System 1.0 - Cross-Site Scripting

Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch. id: CVE-2022-29316 info: name: Complete Online Job Search System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Complete Online Job Search System 1.0...

9.8CVSS7AI score0.03139EPSS
Exploits0References2
nuclei
nuclei
added yesterday47 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...

7.2CVSS7AI score0.04522EPSS
Exploits1References3
nuclei
nuclei
added yesterday29 views

XXL-JOB v2.2.0 — Stored Cross Site Scripting

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file. id: CVE-2020-23814 info: name: XXL-JOB v2.2.0 — Stored Cross Site Scripting author:...

6.1CVSS6.5AI score0.01188EPSS
Exploits1References2
nuclei
nuclei
added yesterday56 views

WordPress Job Portal < 2.0.6 - SQL Injection

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...

9.8CVSS7AI score0.03096EPSS
Exploits2References2
nuclei
nuclei
added yesterday18 views

MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.1AI score0.01502EPSS
Exploits1References2
nuclei
nuclei
added yesterday76 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7AI score0.04522EPSS
Exploits1References3
nuclei
nuclei
added yesterday13 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.7AI score0.00909EPSS
Exploits0References3
nuclei
nuclei
added yesterday19 views

GestioIP - Reflected Cross-Site Scripting

GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ipdojob request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions. id: CVE-2024-50857 info: name: GestioIP - Reflected Cross-Site Scripting author:...

4.8CVSS6.1AI score0.01172EPSS
Exploits3References4
cvelist
cvelist
added yesterday17 views

CVE-2026-12395 WP Job Portal < 2.5.5 - Subscriber+ SQL Injection via Applied Resumes 'ta' Parameter

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

0.00177EPSS
Exploits0References1
euvd
euvd
added yesterday6 views

EUVD-2026-44872

The WP Job Portal WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level self-registerable account to perform SQL injection attacks...

6.5CVSS6.1AI score0.00177EPSS
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-12395

CVE-2026-12395 : The WP Job Portal WordPress plugin before 2.5.5 is vulnerable to a SQL injection in the applied resumes by the ta parameter due to improper sanitization/escaping before SQL usage. Exploitation requires an authenticated subscriber-level user. Impact per sources is potential SQL in...

6.5CVSS6.1AI score0.00177EPSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44844

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...

6.1CVSS6.4AI score0.00386EPSS
Exploits1References2
euvd
euvd
added yesterday5 views

EUVD-2026-44843

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS6.2AI score0.00266EPSS
Exploits1References3
nvd
nvd
added 2 days ago7 views

CVE-2026-26719

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...

6.1CVSS0.00386EPSS
Exploits1References1
nvd
nvd
added 2 days ago7 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS0.00266EPSS
Exploits1References2
osv
osv
added 2 days ago3 views

RLSA-2026:39302 Moderate: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 For more details about...

6.4CVSS7AI score0.00502EPSS
Exploits1References2
cve
cve
added 2 days ago1 views

CVE-2026-26719

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...

6.1CVSS6.4AI score0.00386EPSS
Exploits1References1
cve
cve
added 2 days ago4 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS6.2AI score0.00266EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2 days ago8 views

PT-2026-60330

Name of the Vulnerable Software and Affected Versions xxl-job-admin version 3.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web application. This occurs because a specific endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods through a permissive...

6.2AI score0.00266EPSS
Exploits1References4
Rows per page
Query Builder