Lucene search
+L

574 matches found

CVE
CVE
added 2026/04/21 6:15 p.m.13 views

CVE-2026-40866

Horilla HRMS (version 1.5.0) contains an insecure direct object reference vulnerability in the employee document upload endpoint. An authenticated user can overwrite, replace, or corrupt another employee’s document by altering the document ID in the upload request, leading to unauthorized modific...

8.6CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 3:32 p.m.11 views

EUVD-2026-24132

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

6.1CVSS5.9AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.7 views

PT-2026-34064

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Frappe HR SQL注入漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.54.0 and 14.38.1 contained a SQL injection vulnerability. This vulnerability occurred due to specially crafted requests targeting certain endpoints, allowing attackers to extract...

6.5CVSS5.9AI score0.0022EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Frappe HR 访问控制错误漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.58.2 and 16.4.2 contained a security vulnerability related to access control. This vulnerability allowed authenticated users to exploit certain API endpoints, potentially leading t...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Frappe HR 访问控制错误漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.58.1 and 16.4.1 contained a security vulnerability related to access control. This vulnerability allowed authenticated users with the default role to access certain API endpoints,...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.13 views

PT-2026-34058

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.6 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

5.9AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.5 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

5.9AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 9:45 p.m.2 views

MINI-J244-8HR5-RVRF

Bulletin has no description...

7.1CVSS5.7AI score0.00288EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-2720

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 6:59 p.m.8 views

WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 3:27 a.m.1 views

CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/03/21 3:27 a.m.11 views

CVE-2026-2720

The Hr Press Lite WordPress plugin is vulnerable due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to 1.0.2, allowing authenticated users with Subscriber-level access and above to fetch sensitive employee data (names, emails, phone numbers, salary/pay rat...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:27 a.m.7 views

CVE-2026-2720

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

Worksuite HR CRM and Project Management 代码注入漏洞

Worksuite HR CRM and Project Management is an enterprise management platform developed by the American company Worksuite. Versions of Worksuite HR CRM and Project Management prior to 5.5.25 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters ...

4.8CVSS5.7AI score0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/15 5:2 a.m.4 views

CVE-2026-4165 Worksuite HR, CRM and Project Management create cross site scripting

A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

4.8CVSS3.9AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/22 3:39 a.m.21 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS0.00443EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 3:39 a.m.6 views

CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.5AI score0.00443EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 3 : net-snmp-5.3.2.2-20.0.1.AXS3 (AXSA:2013-32:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-32:01 advisory. SNMP Simple Network Management Protocol is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SN...

3.5CVSS7.9AI score0.02167EPSS
Exploits0References2
Rows per page
Query Builder