Lucene search
K

7213 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-34898

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-45776 Open XDMoD has Broken Access Control via Client-Controlled Session Variable

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

5.3CVSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-45776 Open XDMoD has Broken Access Control via Client-Controlled Session Variable

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

5.3CVSS5.4AI score
Exploits0References3
Nuclei
Nuclei
added 18 hours ago26 views

WordPress Job Portal < 2.0.6 - SQL Injection

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...

9.8CVSS7.9AI score0.45451EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago5 views

MLflow < 3.10.0 - Authentication Bypass on FastAPI Routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.8AI score0.0015EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago22 views

XXL-JOB v2.2.0 — Stored Cross Site Scripting

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file. id: CVE-2020-23814 info: name: XXL-JOB v2.2.0 — Stored Cross Site Scripting author:...

6.1CVSS6.3AI score0.00723EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago8 views

Complete Online Job Search System 1.0 - Cross-Site Scripting

Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch. id: CVE-2022-29316 info: name: Complete Online Job Search System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Complete Online Job Search System 1.0...

9.8CVSS7.5AI score0.60412EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago12 views

GestioIP - Reflected Cross-Site Scripting

GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ipdojob request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions. id: CVE-2024-50857 info: name: GestioIP - Reflected Cross-Site Scripting author:...

4.8CVSS5.3AI score0.00068EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 21 hours ago2 views

PT-2026-47037

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

5.3CVSS
Exploits0References4
GithubExploit
GithubExploit
added yesterday35 views

Exploit for Deserialization of Untrusted Data in Presstigers Simple_Job_Board

CVE-2024-1813 - Simple Job Board ≤ 2.11.0 WordPress - Unauth...

9.8CVSS5.8AI score0.07996EPSS
Exploits1
NVD
NVD
added yesterday4 views

CVE-2019-25740

Joomla comjsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field2 parameter to delete...

7.1CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2019-25740

Joomla comjsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field2 parameter to delete...

7.1CVSS5.9AI score
Exploits0References4Affected Software1
HackRead
HackRead
added yesterday4 views

Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff

Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data...

5.8AI score
Exploits0
Nuclei
Nuclei
added yesterday8 views

WordPress Simple Job Board - Unauthorized Data Access

The Simple Job Board plugin for WordPress is vulnerable to unauthorized data access due to insufficient authorization checking in the fetchquickjob function in all versions up to and including 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be...

5.3CVSS6.8AI score0.0669EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday23 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

7.2CVSS7.2AI score0.11785EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday10 views

Complete Online Job Search System 1.0 - SQL Injection

Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site...

7.2CVSS7.2AI score0.11785EPSS
Exploits1References3
CVE
CVE
added yesterday9 views

CVE-2026-41010

The CVE describes a shell command-injection in BOSH Director during ReleaseJob#unpack: the code constructs a shell command using a name value taken verbatim from attacker-supplied release.MF and interpolates it into tar -C … -xf …, then executes via /bin/sh -c. Although the directory is created w...

8.7CVSS5.9AI score0.00021EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday37 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS0.00021EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-34198

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS5.9AI score0.00021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS5.9AI score0.00021EPSS
Exploits0References2
Rows per page
Query Builder