8 matches found
CVE-2026-40865
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-40866
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40866
Horilla HRMS (version 1.5.0) contains an insecure direct object reference vulnerability in the employee document upload endpoint. An authenticated user can overwrite, replace, or corrupt another employee’s document by altering the document ID in the upload request, leading to unauthorized modific...
CVE-2026-40866 Horilla: Unauthorized Document Overwrite via File Upload Endpoint
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40865
Horilla HRMS 1.5.0 contains an insecure direct object reference in the employee document viewer. An authenticated user can access other employees’ uploaded documents by altering the document ID parameter, exposing identity documents, contracts, certificates, and other private records. The PT-2026...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
Horilla 访问控制错误漏洞
Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains an access control vulnerability, which stems from insecure direct object references in the employee document viewer. This vulnerability could allow any authenticated user to acce...
Threat Outbreak Alert RuleID19624: Email Messages Distributing Malicious Software on November 24, 2015
Medium Alert ID: 42250 First Published: 2015 November 24 13:55 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19624 may contain the following files: Name |...