Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.23 views

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.3AI score0.12797EPSS
Exploits9References5
OSV
OSV
added 2026/05/26 3:16 p.m.7 views

ALPINE-CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9CVSS6.4AI score0.12797EPSS
Exploits9References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Samba 操作系统命令注入漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to operating system command injection, which arises from the lack of escaping shell metacharacters when passing client-controlled job description strings to...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

OrangeHRM 安全漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained security...

5.3CVSS5.8AI score0.00165EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/22 3:21 a.m.23 views

CVE-2026-24036 Horilla Exposes Unpublished Job Disclosures through Unauthenticated API

Horilla is a free and open source Human Resource Management System HRMS. Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing...

5.3CVSS0.00463EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.30 views

CVE-2025-14467 WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field

The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4. This is due to the plugin explicitly whitelisting the tag in its WPJOBPORTALALLOWEDTAGS configuration and using insufficient input sanitization when saving job...

4.4CVSS0.00211EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2024/09/18 9:32 a.m.29 views

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant...

7.3AI score
Exploits0
Atlassian
Atlassian
added 2023/09/20 3:53 p.m.46 views

XXE (XML External Entity Injection) in Jira Service Management Data Center and Server - CVE-2019-13990

h2. Summary of Vulnerability Certain versions of Jira Service Management Server & Data Center were affected by CVE-2019-13990. The affected versions contained vulnerable versions of Terracotta Quartz Scheduler which allowed authenticated attackers to initiate an XML External Entity injection atta...

9.8CVSS9.1AI score0.162EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/10/13 6:36 p.m.17 views

The Intelligent Listing: Cybersecurity Job Descriptions That Deliver

Modern job descriptions have quite the reputation for causing reactionary eye-rolling. Why? Because what used to be a couple of paragraphs – about requirements and experience for performing a cybersecurity analyst job – is actually now filled with a laundry list of criteria that make candidates...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/01/30 11:15 p.m.10 views

sbcity.org XSS vulnerability

Open Bug Bounty ID: OBB-549984 Description| Value ---|--- Affected Website:| sbcity.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/03/17 12:0 p.m.18 views

Bejtlich Moves On

Exactly six years ago today I announced that I was joining Mandiant to become the company's first CSO. Today is my last day at FireEye, the company that bought Mandiant at the very end of 2013. The highlights of my time at Mandiant involved two sets of responsibilities. First, as CSO, I enjoyed...

6.7AI score
Exploits0
Rows per page
Query Builder