3802 matches found
CVE-2026-50310
Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally...
CVE-2026-9237
The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-55225
Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...
CVE-2026-13535
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13537
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
EUVD-2026-40035
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-13537
The CVE-2026-13537 entry concerns CodeAstro Human Resource Management System (version 1.0). The vulnerability is described as a cross-site request forgery affecting an unspecified function, with a remote attack possibility and public exploit. No explicit root cause details or affected subcomponen...
CVE-2026-13537 CodeAstro Human Resource Management System cross-site request forgery
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
EUVD-2026-40032
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13535
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13535
CodeAstro HRMS 1.0 is affected by an SQL injection in the View Endpoint’s GetFileInfo (Employee_model.php). Manipulating the ID argument enables remote SQL injection, with proofs-of-concept published. Root cause: unsafely concatenated or unsanitized ID in GetFileInfo; impact is limited to confide...
CVE-2026-13525
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...
CVE-2026-13525
CodeAstro Human Resource Management System 1.0 contains a SQL injection in Update_Earn_Leave Endpoint, specifically in Employee_model.php emselectByCode via the emid parameter. The vulnerability arises from unsanitized input leading to SQL injection, enabling remote exploitation. Public exploit a...
HID: usbhid: fix deadlock in hid_post_reset()
...
Guardian Agents: The Next Layer of Identity Governance
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...
CVE-2026-9716
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
CVE-2026-9716
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
EUVD-2026-39433
CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...
CVE-2026-9716
CVE-2026-9716 describes a CWE-476 NULL Pointer Dereference that could cause a denial-of-service, rendering a device’s HMI and configuration functionality unavailable when malformed requests hit exposed network interfaces. The root cause is a NULL pointer dereference; impact is high availability l...
Malicious code in @frostnode/waitfor (npm)
@frostnode/waitfor malicious versions 0.9.0, 0.10.3, 0.10.4, and 0.10.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accoun...