Lucene search
K

255 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00227EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42566

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00227EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-9237 Employee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX Action

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00227EPSS
Exploits0References7
CVE
CVE
added 6 days ago10 views

CVE-2026-9237

Summary: CVE-2026-9237 affects the WordPress plugin “Crew HRM” (Employee, Leave and Recruitment Management System). All versions up to 1.2.2 are vulnerable to an authorization bypass due to improper access verification. Authenticated users with subscriber-level access or higher can delete, archiv...

4.3CVSS6AI score0.00227EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:0 a.m.7 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/02 2:16 p.m.16 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 2:1 p.m.13 views

CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 2:1 p.m.41 views

CVE-2026-27351 WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 2:1 p.m.13 views

EUVD-2026-33931

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 2:1 p.m.21 views

CVE-2026-27351

CVE-2026-27351 affects the WordPress Crew HRM plugin up to version 1.2.2. Root cause: Missing Authorization through incorrectly configured access control. Impact includes Low integrity, Low availability, and No confidentiality impact per CVSS 3.1 (base score 5.4). Attack vector is Network with Lo...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-45747

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

WordPress plugin Crew HRM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.4CVSS5.5AI score0.00165EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.89 views

📄 Horilla 1.3 Remote Command Execution

Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...

7.2CVSS6AI score0.02327EPSS
Exploits3
OSV
OSV
added 2026/02/24 1:39 p.m.3 views

MINI-HRM4-RXX8-HXH4

Bulletin has no description...

8.8CVSS4.9AI score0.08272EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/22 3:31 a.m.27 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS0.00227EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 3:31 a.m.6 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS5.4AI score0.00227EPSS
Exploits1References4
CVE
CVE
added 2026/01/22 3:31 a.m.17 views

CVE-2026-24037

Horilla HRMS has_XSS bypass in version 1.4.0 due to incomplete, context-agnostic regex filtering in has_xss(), enabling attackers to redirect users, run external JavaScript, and steal CSRF tokens for admin-targeted CSRF attacks. The issue is fixed in version 1.5.0. Affected: Horilla 1.4.x → fixed...

5.4CVSS5.3AI score0.00227EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.5 views

WorkDo HRM SaaS HR and Payroll Tool 跨站脚本漏洞

WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. WorkDo HRM SaaS HR and Payroll Tool suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the replydescription parameter when sending a POST request ...

5.1CVSS5.9AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/04 12:0 a.m.5 views

EUVD-2025-37760

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users...

6.5CVSS6.3AI score0.00287EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/04 12:0 a.m.3 views

CVE-2025-63294

WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users...

6.4AI score0.00287EPSS
Exploits1References3
Rows per page
Query Builder