Lucene search
K

330 matches found

CVE
CVE
added 6 days ago14 views

CVE-2026-13537

The CVE-2026-13537 entry concerns CodeAstro Human Resource Management System (version 1.0). The vulnerability is described as a cross-site request forgery affecting an unspecified function, with a remote attack possibility and public exploit. No explicit root cause details or affected subcomponen...

5.3CVSS5.4AI score0.00162EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40032

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 6 days ago13 views

CVE-2026-13535

CodeAstro HRMS 1.0 is affected by an SQL injection in the View Endpoint’s GetFileInfo (Employee_model.php). Manipulating the ID argument enables remote SQL injection, with proofs-of-concept published. Root cause: unsafely concatenated or unsanitized ID in GetFileInfo; impact is limited to confide...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36604

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

6.5CVSS5.3AI score0.0025EPSS
Exploits0References7
CVE
CVE
added 2026/06/12 8:45 p.m.21 views

CVE-2026-12130

CodeAstro Human Resource Management System 1.0 is affected in the Projects Management Page (file /Projects/Add_Projects). The vulnerability is a stored/reflected cross-site scripting described as caused by manipulation of the protitle argument. The attack can be launched remotely and an exploit h...

5.1CVSS3.8AI score0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-49000

Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description An SQL injection issue exists within the Payroll Invoice Module. The flaw is located in the Invoice function of the applicationcontrollersPayroll.php file, where improper...

6.5CVSS6.6AI score0.0025EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-48975

Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description A security flaw in the Projects Management Page component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted...

5.1CVSS4.5AI score0.00203EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.10 views

PT-2026-48974

Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description Cross site scripting can be triggered remotely via the manipulation of the todo data argument within the '/dashboard/add tod' endpoint of the Dashboard Interface component...

5.1CVSS4.7AI score0.00203EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.12 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 5:15 a.m.11 views

EUVD-2026-35022

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.6AI score0.00223EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.8 views

CodeAstro Human Resource Management System 跨站脚本漏洞

The CodeAstro Human Resource Management System is a human resource management system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Human Resource Management System has a cross-site scripting vulnerability. This vulnerability stems from incorrect handling of the Notice Title...

4.8CVSS4.3AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-10624

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:30 p.m.12 views

EUVD-2026-34024

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score0.00242EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/02 8:30 p.m.8 views

CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:30 p.m.8 views

CVE-2026-10624

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score0.00242EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/02 8:30 p.m.28 views

CVE-2026-10624

The vulnerability affects SourceCodester Human Resource Management 1.0, in the Employee View Page’s detailview.php. Manipulating the employeeid parameter leads to improper control of resource identifiers (an IDOR-style issue). Exploitation can be performed remotely, and public disclosure of the e...

5.3CVSS5.3AI score0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:1 p.m.11 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45853

Name of the Vulnerable Software and Affected Versions SourceCodester Human Resource Management version 1.0 Description An issue exists in the Employee View Page component within the '/detailview.php' endpoint. Remote manipulation of the employeeid argument leads to improper control of resource...

5.3CVSS5.7AI score0.00242EPSS
Exploits0References10
Rows per page
Query Builder