574 matches found
CVE-2026-40866
Horilla HRMS (version 1.5.0) contains an insecure direct object reference vulnerability in the employee document upload endpoint. An authenticated user can overwrite, replace, or corrupt another employee’s document by altering the document ID in the upload request, leading to unauthorized modific...
EUVD-2026-24132
Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...
PT-2026-34064
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...
Frappe HR SQL注入漏洞
Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.54.0 and 14.38.1 contained a SQL injection vulnerability. This vulnerability occurred due to specially crafted requests targeting certain endpoints, allowing attackers to extract...
Frappe HR 访问控制错误漏洞
Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.58.2 and 16.4.2 contained a security vulnerability related to access control. This vulnerability allowed authenticated users to exploit certain API endpoints, potentially leading t...
Frappe HR 访问控制错误漏洞
Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 15.58.1 and 16.4.1 contained a security vulnerability related to access control. This vulnerability allowed authenticated users with the default role to access certain API endpoints,...
PT-2026-34058
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
CVE-2026-31013
Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...
CVE-2026-31013
Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...
MINI-J244-8HR5-RVRF
Bulletin has no description...
CVE-2026-2720
The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...
CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure
The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-2720
The Hr Press Lite WordPress plugin is vulnerable due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to 1.0.2, allowing authenticated users with Subscriber-level access and above to fetch sensitive employee data (names, emails, phone numbers, salary/pay rat...
CVE-2026-2720
The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...
Worksuite HR CRM and Project Management 代码注入漏洞
Worksuite HR CRM and Project Management is an enterprise management platform developed by the American company Worksuite. Versions of Worksuite HR CRM and Project Management prior to 5.5.25 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters ...
CVE-2026-4165 Worksuite HR, CRM and Project Management create cross site scripting
A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting. The attack can be initiated remotely. The exploit ha...
CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic
Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...
CVE-2026-24038 Horilla HR has 2FA Bypass through its OTP Handling Logic
Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...
MiracleLinux 3 : net-snmp-5.3.2.2-20.0.1.AXS3 (AXSA:2013-32:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-32:01 advisory. SNMP Simple Network Management Protocol is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SN...