Lucene search
K

8549 matches found

Cvelist
Cvelist
added 2026/05/11 12:0 a.m.34 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

0.00231EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.11 views

PT-2026-39656

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.9 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

6AI score0.00168EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.37 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

0.00168EPSS
Exploits1References3
CVE
CVE
added 2026/05/11 12:0 a.m.13 views

CVE-2026-38568

Vulnerability summary (CVE-2026-38568): HireFlow v1.2 is affected by Incorrect Access Control due to missing object-level authorization on the /candidate/ and /interview/ endpoints. The application retrieves records by user-supplied IDs without verifying owner or authorization, enabling any authe...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References3
CVE
CVE
added 2026/05/11 12:0 a.m.12 views

CVE-2026-38569

CVE-2026-38569 affects HireFlow v1.2. The vulnerability is a Cross Site Scripting (XSS) flaw in candidate_detail.html that can be triggered via the Resume or Feedback Comment fields when submitting through POST /candidates/add or POST /feedback/add. The underlying issue is an XSS in the candidate...

5.4CVSS5.8AI score0.00208EPSS
Exploits1References3
CVE
CVE
added 2026/05/11 12:0 a.m.14 views

CVE-2026-38566

CVE-2026-38566 affects HireFlow v1.2. The issue is CSRF on all state-changing POST endpoints (e.g., /profile password change, /candidates/delete/, /feedback/add/, /interviews/add) due to missing CSRF token validation and no SESSION_COOKIE_SAMESITE configuration. Root cause: CSRF token validation ...

8.1CVSS6AI score0.00168EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/10 12:33 a.m.9 views

EUVD-2026-28949

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.3CVSS5.4AI score0.00258EPSS
Exploits1References9
OSV
OSV
added 2026/05/09 11:16 p.m.6 views

DEBIAN-CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.5CVSS5.5AI score0.00258EPSS
Exploits1References1
CVE
CVE
added 2026/05/08 12:0 a.m.47 views

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. Affected software is SOPlanning; the vulnerability arises in the groupe_id handling, enabling injection that can affect authenticated users and potentially hijack sessions (per C...

5.4CVSS5.8AI score0.00551EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 8:16 p.m.4 views

DEBIAN-CVE-2026-8087

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

7.8CVSS5.8AI score0.00223EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/07 7:30 p.m.7 views

CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

5.5CVSS5.3AI score0.00246EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38559

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow occurs in the GDnentries function within the frmts/hdf4/hdf-eos/GDapi.c file. This issue is triggered by manipulating the DataFieldName argument and requires the...

7.8CVSS6.2AI score0.00223EPSS
Exploits1References12
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.7 views

CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5CVSS5.4AI score0.00264EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 2:31 p.m.7 views

CVE-2026-4928

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/01 9:30 p.m.5 views

CVE-2025-12993

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67968. Reason: This candidate is a reservation duplicate of CVE-2025-67968. Notes: All CVE users should reference CVE-2025-67968 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

9.9CVSS6AI score0.00525EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:30 p.m.5 views

CVE-2025-8903

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2052. Reason: This candidate is a reservation duplicate of CVE-2026-2052 Notes: All CVE users should reference CVE-2026-2052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.8AI score0.00774EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/01 4:16 p.m.12 views

CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

5.5CVSS5.8AI score0.00098EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:33 p.m.3 views

CVE-2026-6337

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.3AI score
Exploits0References1
Snyk
Snyk
added 2026/04/22 10:22 p.m.7 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directory by supplying tool or config names containi...

5.3CVSS5.9AI score0.00313EPSS
Exploits1References2
Rows per page
Query Builder