10753 matches found

Vulnrichment
added 2025/10/21 12:0 a.m., 1 view

CVE-2025-60934

Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...

AI score: 5.4, EPSS: 0.00025
Exploits: 0, References: 1

Cvelist
added 2025/10/21 12:0 a.m., 7 views

CVE-2025-60932

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

EPSS: 0.00025
Exploits: 0, References: 1

CNNVD
added 2025/10/21 12:0 a.m., 4 views

HR Performance Solutions Performance Pro Security Vulnerability

HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance USA. A security vulnerability exists in Performance Pro version v3.19.17, which stems from improper handling of the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note...

CVSS: 6.1, AI score: 6.7, EPSS: 0.00025
Exploits: 0, References: 2

Cvelist
added 2025/10/21 12:0 a.m., 8 views

CVE-2025-60934

Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...

EPSS: 0.00025
Exploits: 0, References: 1

CVE
added 2025/10/21 12:0 a.m., 8 views

CVE-2025-60934

CVE-2025-60934 affects HR Performance Solutions Performance Pro v3.19.17. Multiple stored XSS vulnerabilities exist in the index.php component, enabling an attacker to inject arbitrary web scripts or HTML via crafted payloads placed in Employee Notes, title, or description parameters. The underly...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00025
Exploits: 0, References: 1

CNNVD
added 2025/10/21 12:0 a.m., 1 view

HR Performance Solutions Performance Pro Security Vulnerability

HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance USA. A security vulnerability exists in HR Performance Solutions Performance Pro version 3.19.17, which stems from Employee Notes and title and description parameters not properly validatin...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 2

EUVD
added 2025/10/21 12:0 a.m., 5 views

EUVD-2025-35169

Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00025
Exploits: 0, References: 2

CNNVD
added 2025/10/21 12:0 a.m., 1 view

HR Performance Solutions Performance Pro Security Vulnerability

HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance, Inc. A security vulnerability exists in HR Performance Solutions Performance Pro version 3.19.17, which stems from insufficient cleanup and escaping of Goal Name, Goal Notes, Action Step...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00025
Exploits: 0, References: 2

Vulnrichment
added 2025/10/21 12:0 a.m., 1 view

CVE-2025-60932

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

AI score: 5.4, EPSS: 0.00025
Exploits: 0, References: 1

EUVD
added 2025/10/21 12:0 a.m., 1 view

EUVD-2025-35170

Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00025
Exploits: 0, References: 2

SUSE Linux
added 2025/10/17 1:14 p.m., 1 view

Security update for pam

This update for pam fixes the following issues: Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...

CVSS: 5.7, AI score: 7, EPSS: 0.00042
Exploits: 0, References: 6

OSV
added 2025/10/17 1:14 p.m., 3 views

SUSE-SU-2025:02970-2 Security update for pam

This update for pam fixes the following issues: Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)...

CVSS: 4.7, AI score: 6.7, EPSS: 0.00042
Exploits: 0, References: 4

Malwarebytes
added 2025/10/17 8:10 a.m., 7 views

Under the engineering hood: Why Malwarebytes chose WordPress as its CMS

It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. After all, WordPress is often associated with open-source plugins, community themes, and a wide range of deployment practices—some stronger than others. But that perception...

AI score: 7
Exploits: 0

SUSE CVE
added 2025/10/16 11:39 p.m., 1 view

SUSE CVE-2025-2529

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...

CVSS: 3.7, AI score: 7, EPSS: 0.00025
Exploits: 0, References: 3

OSV
added 2025/10/16 6:41 p.m., 1 view

GHSA-2CJV-6WG9-F4F3 Strapi Password Hashing is Missing Maximum Password Length Validation

Summary: Strapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation. POC: Create an admin user with a passwo...

CVSS: 6.3, AI score: 7, EPSS: 0.00046
Exploits: 1, References: 4

RedhatCVE
added 2025/10/16 4:1 p.m., 2 views

CVE-2025-2529

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...

CVSS: 2.9, AI score: 6.9, EPSS: 0.00025
Exploits: 0, References: 1

Redos
added 2025/10/16 12:0 a.m., 5 views

ROS-20251016-03

A vulnerability in the FirmwarePerformancePei.c component of the UEFI EDK2 open source development environment is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS: 6, AI score: 6.7, EPSS: 0.00033
Exploits: 0

EUVD
added 2025/10/15 9:31 p.m., 2 views

EUVD-2022-55091

In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions. A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1. An uncorrected error. 2. That err...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00014
Exploits: 0, References: 3

OSV
added 2025/10/15 4:15 p.m., 3 views

CVE-2025-2529

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...

CVSS: 3.7, AI score: 5.8
Exploits: 0, References: 1

NVD
added 2025/10/15 4:15 p.m., 4 views

CVE-2025-2529

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...

CVSS: 3.7, EPSS: 0.00025
Exploits: 0, References: 1