Lucene search
K

395 matches found

NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13537

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

5.3CVSS0.00162EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 4:30 a.m.37 views

CVE-2026-13535 CodeAstro Human Resource Management System View Endpoint Employee_model.php GetFileInfo sql injection

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 2:0 a.m.9 views

EUVD-2026-40022

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS5.7AI score0.002EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46953

Vulnerability in the Oracle HRMS UK product of Oracle E-Business Suite component: UK Payroll. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS UK. Successful attacks of...

7.2CVSS0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50053

Vulnerability in the Oracle HRMS UK product of Oracle E-Business Suite component: UK Payroll. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS UK. Successful attacks of...

7.2CVSS5.2AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:30 p.m.10 views

EUVD-2026-36562

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

5.1CVSS3.7AI score0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 8:30 p.m.28 views

CVE-2026-12129

CodeAstro Human Resource Management System 1.0 is affected. The vulnerability resides in the Dashboard Interface component, specifically the /dashboard/add_tod endpoint, where manipulation of the todo_data argument leads to cross-site scripting. The issue is exploitable remotely, and exploits are...

5.1CVSS3.7AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 5:15 a.m.48 views

CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS0.00223EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 5:15 a.m.10 views

CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 5:15 a.m.11 views

CVE-2026-11491

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...

4.8CVSS3.7AI score0.00223EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-40867

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...

7.1CVSS5.5AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 5:18 p.m.43 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:18 p.m.10 views

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 6:16 p.m.2 views

CVE-2026-40867 Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 6:16 p.m.2 views

CVE-2026-40867 Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...

7.1CVSS6AI score0.00207EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 6:14 p.m.4 views

CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

7.1CVSS5.8AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 6:14 p.m.35 views

CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

7.1CVSS0.0014EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 6:14 p.m.3 views

CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

7.1CVSS6AI score0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-34059

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/23 6:19 a.m.7 views

CVE-2026-24034

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

5.4CVSS5.1AI score0.00222EPSS
Exploits1References1
Rows per page
Query Builder