7 matches found
CVE-2026-38569
HireFlow v1.2 is vulnerable to Cross-Site Scripting (XSS) in candidatedetail.html via the Resume or Feedback Comment fields, submitted through POST /candidates/add or POST /feedback/add...
CVE-2018-9419
CVE-2018-9419 describes an information-disclosure flaw: an out-of-bounds read in the BLE path (l2cble_process_sig_cmd in l2c_ble.cc) that can leak remote data without extra privileges or user interaction. Public documents consistently state the impact as information disclosure with no exploitatio...
CVE-2021-3838
CVE-2021-3838 affects php-dompdf (before 2.0.0). The flaw stems from PHAR deserialization due to insufficient protocol checking when passing input to file_get_contents(), allowing an attacker who can upload arbitrary files to trigger deserialization via phar:// and potentially achieve remote code...
CVE-2024-1438
The CVE-2024-1438 entry concerns the WordPress plugin Rolo Slider (PressFore Rolo Slider). Technical details in connected docs show a Missing Authorization vulnerability that allows unauthorized changes to settings in Rolo Slider versions up to and including 1.0.9. Public sources consistently de...
CAN-2005-2658
CVE-2005-2658 is a buffer overflow in Turquoise SuperStat (turqstat) prior to 2.2.x. Debian advisories describe remote exploitation via a crafted NNTP server that could execute arbitrary code. Public records cite fixed versions per distribution: 2.2.1woody1 (woody), 2.2.2sarge1 (sarge), and 2.2.4...
CAN-2005-1279
The CAN-2005-1279 entry corresponds to tcpdump vulnerabilities in the BGP dissector (RT_ROUTING_INFO handling) that can cause a denial of service via an infinite loop when processing crafted packets. Public advisories and patches exist across multiple distributions: Debian DSA-850-1/DSA-850 fix t...