Lucene search
K

120 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.8 views

CVE-2026-38569

HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...

5.4CVSS5.5AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.12 views

CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS6.1AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 12:7 p.m.12 views

EUVD-2026-33502

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS6.1AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/31 12:7 p.m.11 views

CVE-2026-49490

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS6.1AI score0.00249EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/31 12:7 p.m.34 views

CVE-2026-49490 OpenCATS - SQL Injection in DataGrid Filter Handling for Tags Column

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.12 views

PT-2026-45192

OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to inject SQL through crafted filters targeting the non-filterable Tags column in the Candidates DataGrid. Attackers can bypass column filterable restrictions by...

8.6CVSS6.1AI score0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 9:30 p.m.9 views

EUVD-2026-30372

Foscam VD1 Video Doorbell before V5.3.131072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

5.9AI score0.00131EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41015

Foscam VD1 Video Doorbell before V5.3.13 1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

5.9AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.10 views

EUVD-2026-29117

HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...

5.4CVSS5.8AI score0.00208EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

HireFlow 跨站脚本漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a cross-site scripting vulnerability. This vulnerability stems from the Resume or Feedback Comment fields in the candidatedetail.html file, where...

5.4CVSS5.6AI score0.00208EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/07 2:59 a.m.17 views

hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3CVSS6.8AI score0.00806EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.29 views

CVE-2026-42482

A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...

0.00404EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/10 1:4 a.m.2 views

Directory Traversal

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Directory Traversal via the Loader.candidates resolution when require.resolve is used as a fallback; an attacker can read arbitrary...

8.7CVSS6.2AI score0.00557EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/03 11:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the resolveSenderCandidates process. An attacker can gain unauthorized access to command or directive execution by configuring...

7.1CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:40 a.m.6 views

CVE-2017-4552

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:39 a.m.4 views

CVE-2017-4519

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:38 a.m.3 views

CVE-2017-4501

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 6:27 a.m.4 views

CVE-2017-4154

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.5 views

CVE-2023-49467

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derivecombinedbipredictivemergingcandidates function at motion.cc...

8.8CVSS7.2AI score0.00775EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/12/31 10:1 a.m.153 views

VULNEXPO

🔥 VULNEXPO — Vulnerability Detection & Exploitation Framework...

6.8AI score
Exploits0
Rows per page
Query Builder