CVE-2026-1161 - pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting
CVE ID : CVE-2026-1161
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1161
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22031 - Fastify Middie Middleware Path Bypass
CVE ID : CVE-2026-22031
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of `/admin`). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints. Version 9.1.0 fixes the issue.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22031
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of `/admin`). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints. Version 9.1.0 fixes the issue.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0900 - Google Chrome V8 HTML Object Corruption Vulnerability
CVE ID : CVE-2026-0900
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0900
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0901 - Google Chrome Blink UI Spoofing Vulnerability
CVE ID : CVE-2026-0901
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0901
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0902 - Google Chrome V8 HTML Out-of-Bounds Memory Read Vulnerability
CVE ID : CVE-2026-0902
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0902
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0903 - Google Chrome Insecure File Type Bypass Vulnerability
CVE ID : CVE-2026-0903
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0903
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0904 - Google Chrome Domain Spoofing Vulnerability
CVE ID : CVE-2026-0904
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0904
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0905 - Google Chrome Network Policy Enforcement Information Disclosure Vulnerability
CVE ID : CVE-2026-0905
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0905
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0906 - Google Chrome Android Omnibox Spoofing Vulnerability
CVE ID : CVE-2026-0906
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0906
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0907 - Google Chrome Spoofing Vulnerability
CVE ID : CVE-2026-0907
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0907
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0908 - Google Chrome ANGLE Use-After-Free Heap Corruption Vulnerability
CVE ID : CVE-2026-0908
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0908
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23909 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2026-23909
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23909
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23910 - Cisco WebEx Meeting Center Information Disclosure
CVE ID : CVE-2026-23910
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23910
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23911 - Adobe Flash Player Unserialize Buffer Overflow
CVE ID : CVE-2026-23911
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23911
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23912 - Citrix NetScaler Unvalidated Redirect
CVE ID : CVE-2026-23912
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23912
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23913 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2026-23913
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23913
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23914 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2026-23914
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23914
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23915 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2026-23915
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23915
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23916 - Citrix NetScaler Denial of Service
CVE ID : CVE-2026-23916
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23916
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23917 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2026-23917
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-23917
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66523 - Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters
CVE ID : CVE-2025-66523
Published : Jan. 20, 2026, 7:15 a.m. | 3 hours, 33 minutes ago
Description : URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66523
Published : Jan. 20, 2026, 7:15 a.m. | 3 hours, 33 minutes ago
Description : URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026‑01‑16.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...