Lucene search
K

342 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-15137

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS0.00263EPSS
Exploits0References6
CVE
CVE
added 6 days ago11 views

CVE-2026-15137

CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-15137 code-projects Interview Management System View.php sql injection

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS0.00263EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-42493

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:4 a.m.9 views

CVE-2026-57912

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/15 7:32 p.m.20 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

8.1CVSS5.5AI score0.00231EPSS
Exploits1References1
Spring Security Advisories
Spring Security Advisories
added 2026/05/26 12:0 a.m.11 views

This Week in Spring - May 26th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Coimbra, Portugal, where I just did my usual shtick on the latest and greatest in Spring Framework 7.x, Spring Boot 4.x, and Spring AI 2.x. It was a ton of fun, and I want to thank everybody who came out. Last week I w...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/05/14 5:25 p.m.10 views

Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS

Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/05/14 12:0 a.m.11 views

A Bootiful Podcast: the legendary Adib Saikali

Hi, Spring fans! I'm so thrilled to have been able to sit down and talk to my friend Adib Saikali!...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.12 views

CVE-2026-38566

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

8.1CVSS6AI score0.00168EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29116

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29114

HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add are vulnerable to CSRF. An attacker who can...

6AI score0.00168EPSS
Exploits1References4
NVD
NVD
added 2026/05/11 6:16 p.m.13 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

8.1CVSS0.00231EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.36 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

0.00231EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

HireFlow 安全漏洞

HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the lack of object-level authorization for the /candidate/ and /interview/ endpoints. As a...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 12:0 a.m.15 views

CVE-2026-38566

CVE-2026-38566 affects HireFlow v1.2. The issue is CSRF on all state-changing POST endpoints (e.g., /profile password change, /candidates/delete/, /feedback/add/, /interviews/add) due to missing CSRF token validation and no SESSION_COOKIE_SAMESITE configuration. Root cause: CSRF token validation ...

8.1CVSS6AI score0.00168EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.7 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

5.8AI score0.00231EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.11 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

5.8AI score0.00231EPSS
Exploits1References4
CVE
CVE
added 2026/05/11 12:0 a.m.16 views

CVE-2026-38568

Vulnerability summary (CVE-2026-38568): HireFlow v1.2 is affected by Incorrect Access Control due to missing object-level authorization on the /candidate/ and /interview/ endpoints. The application retrieves records by user-supplied IDs without verifying owner or authorization, enabling any authe...

8.1CVSS5.8AI score0.00231EPSS
Exploits1References3
Rows per page
Query Builder