Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.4 views

CVE-2019-25500

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS6.1AI score0.00294EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.7 views

EUVD-2019-19726

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS6.1AI score0.00294EPSS
Exploits1References3
NVD
NVD
added 2026/03/04 6:16 p.m.5 views

CVE-2019-25500

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS0.00294EPSS
Exploits1References2
OSV
OSV
added 2026/03/04 6:16 p.m.2 views

CVE-2019-25500

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.2CVSS5.9AI score0.00294EPSS
Exploits1References2
CVE
CVE
added 2026/03/04 5:15 p.m.8 views

CVE-2019-25500

Simple Job Script is affected by an SQL injection in the employerid parameter of the register-recruiters endpoint. Attackers can send unauthenticated POST requests to manipulate queries, potentially exposing sensitive data (C: HIGH) and altering data (I: LOW). Affected vector is network with low ...

8.8CVSS6.1AI score0.00294EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/04 5:15 p.m.2 views

CVE-2019-25500 Simple Job Script SQL Injection via register-recruiters endpoint

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS6.1AI score0.00294EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/04 5:15 p.m.2 views

CVE-2019-25500

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS6.1AI score0.00294EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/04 5:15 p.m.30 views

CVE-2019-25500 Simple Job Script SQL Injection via register-recruiters endpoint

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS0.00294EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-22955

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

8.8CVSS6.1AI score0.00294EPSS
Exploits1References2
Schneier on Security
Schneier on Security
added 2026/02/27 12:4 p.m.8 views

Phishing Attacks Against People Seeking Programming Jobs

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/12 5:57 p.m.11 views

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence AI model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber...

8.8CVSS8.1AI score0.85778EPSS
Exploits35
The Hacker News
The Hacker News
added 2025/09/25 1:14 p.m.4 views

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name...

7.1AI score
Exploits0
Trellix
Trellix
added 2025/09/18 12:0 a.m.13 views

Dark Web Roast - August 2025 Edition

Dark Web Roast - August 2025 Edition By Trellix Advanced Research Center · September 18, 2025 Executive Summary August 2025 delivered a masterclass in cybercriminal incompetence that would make amateur hour look professional. From racist social engineering recruiters who prioritize race over actu...

9.8CVSS7.1AI score0.99982EPSS
Exploits41
Malwarebytes
Malwarebytes
added 2024/10/23 3:8 p.m.7 views

LinkedIn bots and spear phishers target job seekers

Microsoft's social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It's also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/02 3:8 p.m.19 views

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called Moreeggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/17 4:27 p.m.29 views

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea DPRK have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk...

6.8AI score
Exploits0
hivepro
hivepro
added 2023/12/15 9:4 a.m.4 views

TA4557 Targets Recruiters by Delivering Malware Disguised as Job Applicant

Summary: Threat actor TA4557 has been focusing on recruiters by posing as job applicants to distribute malware. While this approach is not unprecedented, there have been notable shifts in both technique and attack vectors compared to their previous methods. The attackers have demonstrated an...

7.2AI score
Exploits0
HackRead
HackRead
added 2023/12/12 5:54 p.m.14 views

Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access

By Waqas TA4557 is a financially motivated threat actor known to distribute the MoreEggs backdoor against recruiters on LinkedIn. This is a post from HackRead.com Read the original post: Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access...

7.2AI score
Exploits0
CNVD
CNVD
added 2023/04/14 12:0 a.m.19 views

OpenCATS Cross-Site Scripting Vulnerability (CNVD-2023-29368)

OpenCATS is a leading open source applicant tracking system for recruiters and companies. A security vulnerability exists in OpenCats v0.9.7. An attacker could use the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the state parameter of...

5.8AI score0.00429EPSS
Exploits0Affected Software1
Openbugbounty
Openbugbounty
added 2022/08/31 7:14 p.m.11 views

jobs.quantumrecruiters.net Cross Site Scripting vulnerability OBB-2881408

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder