8.8
CVE-2019-25504 - NCrypted Jobgator Lastest SQL Injection via agents Find-Jobs
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensit…
7.1
CVE-2019-25503 - PHPads 2.0 SQL Injection via click.php3 bannerID
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue t…
5.1
CVE-2019-25502 - Simple Job Script Cross-Site Scripting via job_type_value Parameter
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim brow…
8.8
CVE-2019-25501 - Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authen…
8.8
CVE-2019-25500 - Simple Job Script SQL Injection via register-recruiters endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extra…
8.8
CVE-2019-25499 - Simple Job Script SQL Injection via get_job_applications_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication,…
8.8
CVE-2019-25498 - Simple Job Script SQL Injection via searched Endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authentication…
6
CVE-2026-20008 - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua C…
A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating s…
5.3
CVE-2026-20009 - Cisco Secure Firewall Adaptive Security Appliance SSH Partial Private Key Authentication Bypass Vul…
A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific…
5.5
CVE-2026-26949 - Elevation of Privileges via Incorrect Authorization in Dell Device Management Agent
Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.