
7 matches found

Cvelist
added 2026/05/11 12:00 a.m., 26 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

EPSS 0.0003
Exploits: 1, References: 3
Positive Technologies
added 2025/11/29 12:00 a.m., 1 view

PT-2025-48368

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application's recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

CVSS 5.3, AI score 6.6, EPSS 0.00033
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-31031

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.6, EPSS 0.0011
Exploits: 1, References: 1
NVD
added 2025/09/24 6:15 p.m., 1 view

CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

CVSS 7.5, EPSS 0.0011
Exploits: 1, References: 1
Positive Technologies
added 2025/09/24 12:00 a.m., 3 views

PT-2025-39308

Name of the Vulnerable Software and Affected Versions: Horilla version 1.3.0. Description: Horilla is a Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files by directly guessing or predicting file URLs. These files are stored in a publicly accessible director...

CVSS 7.5, AI score 6.3, EPSS 0.0011
Exploits: 1, References: 5
CNNVD
added 2025/09/24 12:00 a.m., 1 view

Horilla access control error vulnerability

Horilla is a free and open source human resources software from Horilla, Inc. An access control error vulnerability exists in Horilla version 1.3.0 that originates from an unauthenticated user being able to access an uploaded resume file by guessing or predicting the file URL, which could result ...

CVSS 7.5, AI score 6.5, EPSS 0.0011
Exploits: 1, References: 2
OSV
added 2019/11/07 4:15 p.m., 1 view

CVE-2019-17604

An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id the id...

CVSS 4.3, AI score 6.5
Exploits: 0, References: 2