Skip to main content

Django Job Portal

1 CVEs product

Monthly

CVE-2026-15188 LOW POC Monitor

Improper access control in manjurulhoque's django-job-portal allows authenticated remote attackers to manipulate the `role` argument via the `EditEmployeeProfileAPIView` endpoint, enabling unauthorized privilege escalation within the Employee Dashboard. All commits up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f are affected under a rolling release model with no fixed version available. A publicly available proof-of-concept exploit exists via GitHub issue #91; the project maintainer has not responded to disclosure and no patch has been released.

Authentication Bypass Python Django Job Portal
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

Improper access control in manjurulhoque's django-job-portal allows authenticated remote attackers to manipulate the `role` argument via the `EditEmployeeProfileAPIView` endpoint, enabling unauthorized privilege escalation within the Employee Dashboard. All commits up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f are affected under a rolling release model with no fixed version available. A publicly available proof-of-concept exploit exists via GitHub issue #91; the project maintainer has not responded to disclosure and no patch has been released.

Authentication Bypass Python Django Job Portal
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy