Lucene search
+L

2761 matches found

Nuclei
Nuclei
added 9 hours ago43 views

Employee Records System 1.0 - Unauthenticated File Upload RCE

Employee Records System version 1.0 contains an unrestricted file upload vulnerability in uploadID.php that allows remote unauthenticated attackers to upload arbitrary PHP files and achieve remote code execution. id: CVE-2021-4462 info: name: Employee Records System 1.0 - Unauthenticated File...

9.8CVSS6AI score0.03237EPSS
Exploits2References2
NVD
NVD
added 2026/07/12 5:16 a.m.8 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/07/12 4:30 a.m.15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 3:15 p.m.10 views

CVE-2026-15188

The CVE affects manjurulhoque django-job-portal (up to commit dfa352f305bba44445ac5dc12e9b2a98c9dcd71f). The vulnerability resides in EditEmployeeProfileAPIView (accounts/api/views.py) of the Employee Dashboard Endpoint, where manipulating the role argument leads to improper access controls. An a...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 3:15 p.m.34 views

CVE-2026-15188 manjurulhoque django-job-portal Employee Dashboard Endpoint views.py EditEmployeeProfileAPIView access control

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 3:15 p.m.8 views

EUVD-2026-42606

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
CVE
CVE
added 2026/07/09 9:31 a.m.11 views

CVE-2026-9237

Summary: CVE-2026-9237 affects the WordPress plugin “Crew HRM” (Employee, Leave and Recruitment Management System). All versions up to 1.2.2 are vulnerable to an authorization bypass due to improper access verification. Authenticated users with subscriber-level access or higher can delete, archiv...

4.3CVSS6AI score0.00227EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/09 7:55 a.m.7 views

EUVD-2026-42539

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/09 7:55 a.m.7 views

CVE-2026-13011

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References7
CVE
CVE
added 2026/07/09 7:55 a.m.13 views

CVE-2026-13011

The affected product is the ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress. It is vulnerable to a generic SQL Injection via the 'orderby' parameter in all versions up to and including 1.17.5, caused by insufficient escaping of user input...

6.5CVSS6AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 9:11 p.m.32 views

CVE-2026-48492 Snipe-IT's selectlist visibility is too permissive

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 8:30 a.m.36 views

CVE-2026-13454 MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00361EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 6:16 a.m.10 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 4:30 a.m.40 views

CVE-2026-13535 CodeAstro Human Resource Management System View Endpoint Employee_model.php GetFileInfo sql injection

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:30 a.m.9 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/29 3:16 a.m.11 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS0.002EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 2:0 a.m.35 views

CVE-2026-13525 CodeAstro Human Resource Management System Update_Earn_Leave Endpoint Employee_model.php emselectByCode sql injection

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 2:0 a.m.10 views

EUVD-2026-40022

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 2:0 a.m.21 views

CVE-2026-13525

CodeAstro Human Resource Management System 1.0 contains a SQL injection in Update_Earn_Leave Endpoint, specifically in Employee_model.php emselectByCode via the emid parameter. The vulnerability arises from unsanitized input leading to SQL injection, enabling remote exploitation. Public exploit a...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:0 a.m.9 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder