6 matches found
CVE-2026-38566
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...
EUVD-2020-29798
Malware in sbrugna...
CVE-2024-31213
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...
D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 is a wireless access point (AP) from AUO D-Link that supports PoE power supply and is mainly used for wireless network coverage in enterprise or commercial scenarios. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability, which stems from a sta...
CVE-2020-8968
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an...
Dahua Digital Video Recorder and IP Camera Configuration File Password Vulnerability
Dahua DH-IPC-HDBW23A0RN-ZS and others are camera products from Dahua (China). A profile password vulnerability exists in a variety of Dahua digital video recorders and IP cameras, which can be exploited by an attacker to impersonate a privileged user and gain access to sensitive information...