14 matches found
CVE-2026-9237
Summary: CVE-2026-9237 affects the WordPress plugin “Crew HRM” (Employee, Leave and Recruitment Management System). All versions up to 1.2.2 are vulnerable to an authorization bypass due to improper access verification. Authenticated users with subscriber-level access or higher can delete, archiv...
CVE-2026-9237 Employee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX Action
The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 is affected by a Cross-Site Request Forgery vulnerability that allows attackers to perform state-changing actions without token validation. By tricking an administrator into visiting a malicious page, an attacker can target endpoints such as job.jobenforcedelete to...
CVE-2026-27482 Ray: Dashboard DELETE endpoints allow unauthenticated browser-triggered DoS (Serve shutdown / job deletion)
Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable e.g., --dashboard-host=0.0.0.0, a web page via DNS rebinding o...
PT-2026-21334
Name of the Vulnerable Software and Affected Versions Ray versions 2.53.0 and below Description Ray’s dashboard HTTP server does not adequately protect DELETE requests, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable, a web page using DNS rebinding or...
Duplicate
This advisory duplicates another...
WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion vulnerability
Insecure Direct Object Reference to Authenticated Employer+ Arbitrary Job Deletion vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.6...
EUVD-2024-51596
Malicious code in bioql PyPI...
EUVD-2022-6405
Malicious code in bioql PyPI...
PT-2025-38253
Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description The /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. An unauthenticated adversary with network access to a Manager web UI can create, delete, and...
CVE-2022-34815
A cross-site request forgery CSRF vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...
CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...
CVE-2024-13429 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possib...
UBUNTU-CVE-2014-1740
Multiple use-after-free vulnerabilities in net/websockets/websocketjob.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion...