Lucene search
K

3802 matches found

CVE
CVE
added yesterday14 views

CVE-2026-50310

Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally...

4.7CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-55225

Name of the Vulnerable Software and Affected Versions FlowDrop versions 0.0.0 through 1.6.0 Description A missing authorization issue allows forceful browsing. The module, which enables testing and running AI-driven workflows via a chat interface, fails to sufficiently re-evaluate human-in-the-lo...

6.2AI score0.0023EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 a.m.10 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:0 a.m.11 views

CVE-2026-13537

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

5.3CVSS5.4AI score0.00162EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/29 5:0 a.m.9 views

EUVD-2026-40035

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

5.3CVSS5.4AI score0.00162EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 5:0 a.m.18 views

CVE-2026-13537

The CVE-2026-13537 entry concerns CodeAstro Human Resource Management System (version 1.0). The vulnerability is described as a cross-site request forgery affecting an unspecified function, with a remote attack possibility and public exploit. No explicit root cause details or affected subcomponen...

5.3CVSS5.4AI score0.00162EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 5:0 a.m.36 views

CVE-2026-13537 CodeAstro Human Resource Management System cross-site request forgery

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

5.3CVSS0.00162EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 4:30 a.m.7 views

EUVD-2026-40032

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:30 a.m.8 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/29 4:30 a.m.15 views

CVE-2026-13535

CodeAstro HRMS 1.0 is affected by an SQL injection in the View Endpoint’s GetFileInfo (Employee_model.php). Manipulating the ID argument enables remote SQL injection, with proofs-of-concept published. Root cause: unsafely concatenated or unsanitized ID in GetFileInfo; impact is limited to confide...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 3:16 a.m.11 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 2:0 a.m.17 views

CVE-2026-13525

CodeAstro Human Resource Management System 1.0 contains a SQL injection in Update_Earn_Leave Endpoint, specifically in Employee_model.php emselectByCode via the emid parameter. The vulnerability arises from unsanitized input leading to SQL injection, enabling remote exploitation. Public exploit a...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:15 a.m.4 views

HID: usbhid: fix deadlock in hid_post_reset()

...

5.5CVSS6.1AI score0.00176EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/26 11:30 a.m.13 views

Guardian Agents: The Next Layer of Identity Governance

AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...

6.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:2 p.m.6 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:2 p.m.32 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:2 p.m.5 views

EUVD-2026-39433

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:2 p.m.27 views

CVE-2026-9716

CVE-2026-9716 describes a CWE-476 NULL Pointer Dereference that could cause a denial-of-service, rendering a device’s HMI and configuration functionality unavailable when malformed requests hit exposed network interfaces. The root cause is a NULL pointer dereference; impact is high availability l...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.14 views

Malicious code in @frostnode/waitfor (npm)

@frostnode/waitfor malicious versions 0.9.0, 0.10.3, 0.10.4, and 0.10.5, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accoun...

6.1AI score
Exploits0References7
Rows per page
Query Builder