36 matches found
CVE-2022-50697
In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit. The caller of del_timer_sync must prevent restarting of the timer. If we have no this synchronization, there is a small probability that the cancellation will not be...
Everest Ransomware Claims AT&T Careers Breach with 576K Records
Everest ransomware group claims a breach of AT&T Careers, alleging theft of 576,000 applicant and employee records locked behind a password-protected listing...
EUVD-2023-36882
Malicious code in bioql PyPI...
OESA-2025-2005 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn't make much sense, thi...
CVE-2023-32639
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
MAL-2024-6642 Malicious code in applicant-tracking_api (RubyGems)
Malicious code in applicant-tracking_api (RubyGems)
More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024,...
Xxe
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
PT-2023-23927 · Unknown · Applicant Programme
Name of the Vulnerable Software and Affected Versions: Applicant Programme versions 7.06 and earlier. Description: The issue is related to the improper restriction of XML external entity references (XXE) in the Applicant Programme. This allows an attacker to read arbitrary files on the system by...
Improper restriction of XML external entity references (XXE) in Applicant Programme
Overview: Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611). Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#37857022: Improper restriction of XML external entity references (XXE) in Applicant Programme
Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611). Impact: By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution: Update the Software. Update the software to the latest...
The Ministry of Justice Applicant Programme Code Issue Vulnerability
The Ministry of Justice Applicant Programme is a Department of Justice applicant programme application organized by The Ministry of Justice. A security vulnerability exists in Applicant Programme V7.06 and prior versions, which stems from an improper restriction of XML external entity references,...
OpenCATS Cross-Site Scripting Vulnerability (CNVD-2023-29368)
OpenCATS is a leading open source applicant tracking system for recruiters and companies. A security vulnerability exists in OpenCats v0.9.7. An attacker could use the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the state parameter of...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-04997)
A cross-site scripting vulnerability exists in the Apache Pluto Applicant MVCBean CDI portlet, which stems from the Apache Pluto Applicant MVCBean CDI runtime environment. The portlet is vulnerable to cross-site scripting (XSS) attacks in the input fields of the JSP version of the portlet. No details o...
GHSA-JG6J-JRXV-2HH9 Cross-site Scripting in Apache Pluto
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...