CVE-2026-56299

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...

EUVD-2019-19725

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...

PT-2026-22954

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job id parameter. Attackers can send POST requests to get job applications ajax.php with malicious job id values to bypass authenticatio...

EUVD-2025-36228

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

CVE-2025-54965

CVE-2025-54965 describes an XSS in the SOCET GXP Job Status Service of BAE SOCET GXP before 4.6.0.2. The vulnerability stems from improper sanitization of the job ID parameter in the job status page, allowing an attacker who can lure a user to click a crafted link to execute arbitrary JavaScript ...

EUVD-2025-32029

Malicious code in bioql PyPI...

Job Diary view-details.php file SQL Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from an error in the parameter jobid in the file /view-details.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...

CVE-2024-8471

Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...

CVE-2023-49689

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database...

Kashipara Job Portal SQL Injection Vulnerability

Kashipara Job Portal is an online job portal system from Kashipara. A SQL injection vulnerability exists in Kashipara Job Portal v1.0, which stems from the "JobId" parameter of Employer/DeleteJob.php does not validate received characters and is sent to the database unfiltered...

CVE-2021-38481

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

Mainway FireEye EX SQL注入漏洞

Mainway FireEye EX is an all-in-one platform for enterprise security from Mainway, a China-based company. the FireEye® Central Management Platforms CM Series are a set of management platforms that consolidate the management, reporting, and data sharing of FireEye products into a single, easily...