7 matches found
CVE-2026-38566
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...
CVE-2026-38566
CVE-2026-38566 affects HireFlow v1.2. The issue is CSRF on all state-changing POST endpoints (e.g., /profile password change, /candidates/delete/, /feedback/add/, /interviews/add) due to missing CSRF token validation and no SESSION_COOKIE_SAMESITE configuration. Root cause: CSRF token validation ...
EUVD-2022-41154
Malicious code in bioql PyPI...
CVE-2022-38576
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand=...
CVE-2022-38576
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=...
CVE-2022-38576
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=...
Interview Management System SQL injection vulnerability
Interview Management System is an interview management system by the individual developer janobe. Interview Management System v1.0 has a security vulnerability that stems from the /interview/delete.php?action=deletecand&id= component, which allows an attacker to achieve SQL...