13 matches found
PT-2026-34058
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with the default role can access unauthorized information by exploiting a certain API endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
CVE-2026-24037
Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...
EUVD-2020-22747
Malware in sbrugna...
CVE-2025-10197 HJSoft HCM Human Resources Management System downlawbase SQL injection
A vulnerability was found in HJSoft HCM Human Resources Management System up to 20250822. Affected by this vulnerability is an unknown functionality of the file /templates/attestation/../../selfservice/lawresource/downlawbase. Performing manipulation of the argument ID results in SQL injection...
CVE-2025-10197
CVE-2025-10197 concerns HJSoft HCM Human Resources Management System (up to 20250822). The vulnerability is a SQL injection in an unknown functionality of the file path /templates/attestation/../../selfservice/lawresource/downlawbase, triggered by manipulating the ID argument. Remote exploitation...
PT-2025-36545
Name of the Vulnerable Software and Affected Versions: SAP HCM My Timesheet Fiori 2.0 application (affected versions not specified). Description: The SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of...
Human Resources Management System 1.0 SQL Injection Vulnerability
Exploit Title: Human Resources Management System - HRM - Multiple SQLi; Exploit Author: Abdulhakim Öner; Vendor Homepage: https://www.sourcecodester.com; Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html; Software...
CVE-2022-3497
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...
CVE-2022-3493
A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site...
SAP ERP HCM Security Vulnerability
SAP ERP HCM is an enterprise human resource management solution from SAP, Germany. A security vulnerability exists in SAP ERP HCM that stems from the fact that SAP ERP HCM Portugal does not perform the necessary authorization checks on reports that read employee payroll data for a specific region...
Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2021-57445)
Oracle E-Business Suite is an extension of the original Application ERP: a collection of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management), and so on, seamlessly integrated into one management suite. Oracle Human...
MintHCM Cross-Site Scripting Vulnerability
MintHCM is human resources management software developed by MINTHCM. A cross-site scripting vulnerability exists in MintHCM version 3.0.8. The vulnerability stems from the Import feature, which allows an attacker to place cross-site scripting (XSS) payloads in file uploads, which can be exploited by ...
Directory Traversal Vulnerability in Human Resource Management System of Dongguan Zhiyue Software Technology Co., Ltd.
Dongguan Zhiyue Software Technology Co., Ltd. is a high-tech enterprise with independent intellectual property rights and its own brand, integrating R&D, production, sales and service. The company's Human Resources Management System has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information...