11 matches found

OSV
added 2026/05/19 8:53 a.m. · 10 views

BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

CVSS 8.6 · AI score 6 · EPSS 0.01502
Exploits: 1 · References: 3

Positive Technologies
added 2026/03/04 12:0 a.m. · 7 views

PT-2026-22957

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job type value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim...

CVSS 6.1 · AI score 6 · EPSS 0.00251
Exploits: 1 · References: 2

NVD
added 2026/01/22 11:15 p.m. · 6 views

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVSS 9.8 · EPSS 0.00713
Exploits: 1 · References: 2

CNNVD
added 2026/01/22 12:0 a.m. · 6 views

Dragonfly Access Control Vulnerability

Dragonfly is an open-source framework developed by DragonflyDB, capable of dynamically processing any content type. Versions of Dragonfly 2.4.1-rc.0 and earlier contained an access control vulnerability. This vulnerability stemmed from the absence of JWT authentication and RBAC authorization check...

CVSS 9.8 · AI score 5.8 · EPSS 0.00713
Exploits: 1 · References: 3

Positive Technologies
added 2024/05/24 12:0 a.m. · 6 views

PT-2024-13753 · Unknown · Vx Search Enterprise

Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14
Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/add job" API endpoint in the job name variable. This could allow an attacker to store...

CVSS 7.1 · AI score 6.5 · EPSS 0.00254
Exploits: 0 · References: 4

ATTACKERKB
added 2024/03/07 9:15 a.m. · 4 views

CVE-2023-41015

code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1...

CVSS 5.5 · AI score 5.8 · EPSS 0.00309
Exploits: 0 · References: 2

CNNVD
added 2024/03/07 12:0 a.m. · 2 views

Online Job Portal Security Vulnerability

Online Job Portal is an online job portal for janobe individual developers. A security vulnerability exists in Online Job Portal that originates from an SQL injection attack via /Employer/DeleteJob.php?JobId=1...

CVSS 5.5 · AI score 7.9 · EPSS 0.00309
Exploits: 0 · References: 2

ATTACKERKB
added 2017/12/27 5:8 p.m. · 2 views

CVE-2017-17895

Readymade Job Site Script has SQL Injection via the locationname array parameter to the /job URI...

CVSS 9.8 · AI score 6.1 · EPSS 0.01161
Exploits: 1 · References: 2

ATTACKERKB
added 2017/12/27 5:8 p.m. · 2 views

CVE-2017-17894

Readymade Job Site Script has CSRF via the /job URI...

CVSS 8.8 · AI score 5.6 · EPSS 0.00505
Exploits: 1 · References: 2

CNVD
added 2017/12/25 12:0 a.m. · 2 views

PHP Scripts Mall Readymade Job Site Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site scripting vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A remote...

CVSS 6.1 · AI score 6.3 · EPSS 0.00683
Exploits: 1 · References: 1

OSV
added 2017/12/13 9:29 a.m. · 3 views

CVE-2017-17642

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job...

CVSS 9.8 · AI score 5.9 · EPSS 0.02204
Exploits: 1 · References: 2