MLflow Job API - Authentication Bypass

MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...

CVE-2026-8882

CVE-2026-8882 affects the WP ApplicantStack Jobs Display WordPress plugin (versions up to 1.1.1). The vulnerability is a Stored Cross-Site Scripting via Shortcode Attributes caused by insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level ac...

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2026-35311

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-8882 WP ApplicantStack Jobs Display <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-47675

Name of the Vulnerable Software and Affected Versions WP ApplicantStack Jobs Display versions prior to 1.1.2 Description Insufficient input sanitization and output escaping in shortcode attributes allow authenticated attackers with contributor-level access or higher to perform Stored Cross-Site...

WordPress WP ApplicantStack Jobs Display plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WP ApplicantStack Jobs Display versions = 1.1.1...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

CVE-2025-57819 — FreePBX Unauthenticated SQLi → RCE One-shot...

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVE-2026-8976

The CVE-2026-8976 entry concerns the WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator . It states a vulnerability in all versions up to and including 5.1.7: an authorization bypass where the plugin does not properly verify a user’s perm...

CVE-2026-10260

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Feedzy versions = 5.1.7...

AI: Threat, tool, or both?

Public attitudes toward Artificial Intelligence AI are changing, and we wanted to understand why. A recent Pew Research survey found that about half of adults say the increased use of AI in daily life makes them more concerned than excited, and that concern has grown over the last few years. Peop...

CVE-2025-71314

A flaw was found in the Linux kernel's drm/panthor component. Buggy GPU jobs created by a User Mode Driver UMD can lead to a blockage in the memory subsystem. This prevents flush operations from completing, resulting in system hangs. A local attacker could exploit this to cause a Denial of Servic...

Email item data export from EWS failed

Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...

CVE-2026-10260

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

EUVD-2026-33639

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2026-10260

CVE-2026-10260 affects CodeAstro Online Job Portal 1.0. The vulnerability is in an unknown function within /admin/jobs-admins/delete-jobs.php where manipulating the ID parameter yields an SQL injection. Attackers can exploit remotely; the exploit is public. The CVSS metrics indicate a high/modera...