172 matches found
CVE-2026-41513
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-41513
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-41513
CVE-2026-41513 affects Horilla HR/CRM software (version 1.5.0) where notification endpoints trust an unvalidated next parameter, enabling open redirects to arbitrary external URLs. This can enable phishing/social-engineering redirects by turning legitimate links intomalicious destinations. Connec...
EUVD-2026-29692
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
Horilla 输入验证错误漏洞
Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains a vulnerability related to input validation errors. This vulnerability arises from the notification endpoint trusting unvalidated next parameters and redirecting users to arbitra...
PT-2026-40245
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-40867
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
CVE-2026-40865
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-40866
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40867 Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
EUVD-2026-24235
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
CVE-2026-40867 Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
CVE-2026-40867
Horilla CVE-2026-40867 affects Horilla HRMS (version 1.5.0). A broken access control flaw in the helpdesk attachment viewer lets any authenticated user view attachments from other tickets by altering the attachment ID, exposing sensitive support files and internal documents across unrelated users...
EUVD-2026-24234
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40866
Horilla HRMS (version 1.5.0) contains an insecure direct object reference vulnerability in the employee document upload endpoint. An authenticated user can overwrite, replace, or corrupt another employee’s document by altering the document ID in the upload request, leading to unauthorized modific...
CVE-2026-40866 Horilla: Unauthorized Document Overwrite via File Upload Endpoint
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40866 Horilla: Unauthorized Document Overwrite via File Upload Endpoint
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...