11 matches found
BIT-MLFLOW-2026-2652 Authentication Bypass in mlflow/mlflow
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (--app-name basic-auth) and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...
PT-2026-22957
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job type value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim...
CVE-2026-24124
Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...
Dragonfly Access Control Vulnerability
Dragonfly is an open-source framework developed by DragonflyDB, capable of dynamically processing any content type. Versions of Dragonfly 2.4.1-rc.0 and earlier contained an access control vulnerability. This vulnerability stemmed from the absence of JWT authentication and RBAC authorization check...
PT-2024-13753 · Unknown · Vx Search Enterprise
Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14. Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/add job" API endpoint in the job name variable. This could allow an attacker to store...
CVE-2023-41015
code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1...
Online Job Portal Security Vulnerability
Online Job Portal is an online job portal for janobe individual developers. A security vulnerability exists in Online Job Portal that originates from an SQL injection attack via /Employer/DeleteJob.php?JobId=1...
CVE-2017-17895
Readymade Job Site Script has SQL Injection via the locationname array parameter to the /job URI...
CVE-2017-17894
Readymade Job Site Script has CSRF via the /job URI...
PHP Scripts Mall Readymade Job Site Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site scripting vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A remote...
CVE-2017-17642
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job...