Lucene search
+L

574 matches found

bdu_fstec
bdu_fstec
added yesterday19 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
nvd
nvd
added 2026/07/09 8:16 a.m.5 views

CVE-2026-13011

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00269EPSS
Exploits0References6
euvd
euvd
added 2026/07/09 7:55 a.m.7 views

EUVD-2026-42539

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References6
cve
cve
added 2026/07/09 7:55 a.m.12 views

CVE-2026-13011

The affected product is the ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress. It is vulnerable to a generic SQL Injection via the 'orderby' parameter in all versions up to and including 1.17.5, caused by insufficient escaping of user input...

6.5CVSS6AI score0.00269EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/09 7:55 a.m.34 views

CVE-2026-13011 ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support <= 1.17.5 - Authenticated (HR Manager+) SQL Injection via 'orderby' Parameter

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00269EPSS
Exploits0References6
nvd
nvd
added 2026/06/17 10:54 a.m.12 views

CVE-2026-46971

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR...

7.5CVSS0.00247EPSS
Exploits0References1
nvd
nvd
added 2026/06/17 10:54 a.m.12 views

CVE-2026-46922

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...

7.2CVSS0.00453EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.23 views

PT-2026-50069

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR...

7.5CVSS5.3AI score0.00247EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.29 views

PT-2026-50028

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle HR Intelligence versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle HR Intelligence product. A high privileged attacker with network access via HTTP can...

7.2CVSS5.8AI score0.00453EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.16 views

PT-2026-50068

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...

7.2CVSS5.2AI score0.00453EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41320

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS5.6AI score0.0022EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:32 p.m.7 views

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40889

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS5.5AI score0.00231EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40888

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References1
osv
osv
added 2026/06/05 4:51 p.m.6 views

MINI-3V58-HR53-MH9G

Bulletin has no description...

6.5CVSS5.1AI score0.00248EPSS
Exploits0
nvd
nvd
added 2026/05/27 6:16 p.m.19 views

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS0.00201EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 5:18 p.m.43 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS0.00201EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/27 5:18 p.m.14 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
osv
osv
added 2026/05/27 5:18 p.m.4 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.9AI score0.00201EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.13 views

Frappe HR 安全漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 16.5.0 contained security vulnerabilities. These vulnerabilities were caused by improper authorization checks, which could allow authorized employees to access the leave details of...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder