8 matches found

NVD
added 2026/01/22 4:15 a.m., 4 views

CVE-2026-24034

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, EPSS 0.00016
Exploits: 1, References: 2

ATTACKERKB
added 2026/01/22 2:41 a.m., 4 views

CVE-2026-24034

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5, EPSS 0.00016
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/01/22 2:41 a.m., 15 views

CVE-2026-24034 Horilla has File Upload XSS

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, EPSS 0.00016
Exploits: 1, References: 2

EUVD
added 2026/01/22 2:41 a.m., 2 views

EUVD-2026-4214

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5.1, EPSS 0.00016
Exploits: 1, References: 2

CVE
added 2026/01/22 2:41 a.m., 5 views

CVE-2026-24034

CVE-2026-24034 affects Horilla HRMS. In versions prior to 1.5.0, an XSS vulnerability can be triggered during profile photo update because the extension and content-type are not checked. The issue is fixed in 1.5.0. If you use Horilla, upgrade to 1.5.0 or later to mitigate. The provided sources c...

CVSS 5.4, AI score 5.1, EPSS 0.00016
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2026/01/22 12:0 a.m., 6 views

PT-2026-3909

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5.1, EPSS 0.00016
Exploits: 1, References: 2

OSV
added 2022/03/31 7:15 p.m., 1 views

CVE-2021-43484

A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request...

CVSS 9.8, AI score 5.9, EPSS 0.12708
Exploits: 0, References: 1

OSV
added 2021/01/20 6:15 p.m., 0 views

CVE-2021-21269

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The Rust join method without checking user input might have made it able to do a Path Traversal attack causing to read more...

CVSS 6.5, AI score 6.6
Exploits: 0, References: 2