10761 matches found
CVE-2025-60932
CVE-2025-60932 describes multiple stored XSS vulnerabilities in HR Performance Solutions Performance Pro v3.19.17, exploitable via crafted payloads in Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, and Goal Description. The underlying issue is insufficient cleanup/es...
EUVD-2025-35168
Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...
CVE-2025-60934
CVE-2025-60934 affects HR Performance Solutions Performance Pro v3.19.17. Multiple stored XSS vulnerabilities exist in the index.php component, enabling an attacker to inject arbitrary web scripts or HTML via crafted payloads placed in Employee Notes, title, or description parameters. The underly...
EUVD-2025-35169
Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
HR Performance Solutions Performance Pro Security Vulnerability
HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance, Inc. A security vulnerability exists in HR Performance Solutions Performance Pro version 3.19.17, which stems from insufficient cleanup and escaping of Goal Name, Goal Notes, Action Step...
CVE-2025-60932
Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
HR Performance Solutions Performance Pro Security Vulnerability
HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance USA. A security vulnerability exists in HR Performance Solutions Performance Pro version 3.19.17, which stems from Employee Notes and title and description parameters not properly validatin...
Security update for pam
This update for pam fixes the following issues: Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc1232234). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE-SU-2025:02970-2 Security update for pam
This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc1232234)...
Under the engineering hood: Why Malwarebytes chose WordPress as its CMS
It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. After all, WordPress is often associated with open-source plugins, community themes, and a wide range of deployment practices—some stronger than others. But that perception...
SUSE CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
GHSA-2CJV-6WG9-F4F3 Strapi Password Hashing is Missing Maximum Password Length Validation
Summary: Strapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation. POC: Create an admin user with a passwo...
CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
ROS-20251016-03
A vulnerability in the FirmwarePerformancePei.c component of the UEFI EDK2 open source development environment is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2022-55091
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions. A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1. An uncorrected error. 2. That err...
Toward Cybersecurity-Expert Small Language Models
Large language models (LLMs) are transforming everyday applications, yet deployment in cybersecurity lags due to a lack of high-quality, domain-specific models and training datasets. To address this gap, we present CyberPal 2.0, a family of cybersecurity-expert small language models (SLMs) ranging fr...
Support for Windows Server 2016 will end in January 2027
We recommend upgrading to the latest version of Windows Server. Running the latest version of Windows Server allows you to use the latest features – including the latest security features – and delivers the best performance. To learn more...
SolarWinds Database Performance Analyzer (DPA) Installed (Linux)
Binary data solarwindsdpanixinstalled.nbin...