Lucene search
K

4 matches found

NVD
NVD
added 2026/05/12 6:17 p.m.22 views

CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

4.8CVSS0.00265EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:43 p.m.9 views

CVE-2026-41513

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

4.8CVSS5.9AI score0.00265EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/22 3:39 a.m.4 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/22 3:39 a.m.21 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS0.00443EPSS
Exploits1References2
Rows per page
Query Builder