CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
Horilla Access Control Vulnerability
Horilla is a free open-source human resources software developed by Horilla Company. Versions of Horilla from 1.4.0 to 1.5.0 contained an access control vulnerability. This vulnerability stemmed from insufficient validation of the employeeid parameter on the server side, allowing any authenticate...
EUVD-2024-50623
Malicious code in bioql PyPI...
CVE-2025-48869
Horilla is a free and open source Human Resource Management System HRMS. Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
Horilla Security Vulnerability
Horilla is a free and open source human resources software from Horilla, Inc. A security vulnerability exists in Horilla version 1.3.0 that stems from the unsafe use of the eval function for user-controlled query parameters, which could lead to remote code execution...
PT-2025-21568 · Horilla · Horilla
Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.3
Description: Horilla is a free and open source Human Resource Management System (HRMS). In affected versions, an attacker can manipulate a Horilla URL to refer to an external domain. Upon clicking and logging in, t...