3 matches found
CVE-2026-40865
creationtimestamp| type| source ---|---|--- 2026-04-21 21:26:08+00:00| published-proof-of-concept| Telegram/Sh-VDLwDsigv2TtmIHQb5bM9xL-0-hntwqefkM3TigDwq8o 2026-04-21 21:26:25+00:00| seen| Telegram/zADwex3kLz9IaLHwxMwQfRAPY0yfg2SR1HrZ5uE72Qmc...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
PT-2026-33316
Name of the Vulnerable Software and Affected Versions Horilla version 1.5.0 Description An insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite, replace, or corrupt another employee's document by changing the document ID in the uploa...