18 matches found
CVE-2026-39346
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
CVE-2026-39346
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
EUVD-2026-19856
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
CVE-2026-39346 OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
CVE-2026-39346
OrangeHRM Open Source versions 5.0–5.8 are affected by an Improper Access Control via URL-encoded paths that lets authenticated users access modules disabled by an administrator. Root cause: bypass of disabled-module access controls. Impact: exposure of module functionality with LOW impact to con...
CVE-2026-39346 OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
PT-2026-30969
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
OrangeHRM 访问控制错误漏洞
OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an access contro...
CVE-2025-64490
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...
CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...
CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...
GHSA-63VW-RPRV-4F8J CSRF vulnerability in Jenkins Ivy Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules...
CVE-2023-41938
A cross-site request forgery CSRF vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules...
CVE-2023-41938
A cross-site request forgery CSRF vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules...
CVE-2023-41938
A cross-site request forgery CSRF vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules...
CVE-2023-41938
CVE-2023-41938 is a CSRF flaw in the Jenkins Ivy Plugin (versions ≤ 2.5) that lets attackers delete disabled modules. The issue scope is limited to the Ivy Plugin, with an external attacker requiring user interaction, and the base CVSS v3.1 vector indicates Network access, Low attack complexity, ...
PT-2023-28176 · Jenkins · Jenkins Ivy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ivy Plugin versions 2.5 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to delete disabled modules. Recommendations: For Jenkins Ivy Plugin versions 2.5 and earlier, update to a version later...