395 matches found
CVE-2026-13537
A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-13535 CodeAstro Human Resource Management System View Endpoint Employee_model.php GetFileInfo sql injection
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
EUVD-2026-40022
A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...
CVE-2026-46953
Vulnerability in the Oracle HRMS UK product of Oracle E-Business Suite component: UK Payroll. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS UK. Successful attacks of...
PT-2026-50053
Vulnerability in the Oracle HRMS UK product of Oracle E-Business Suite component: UK Payroll. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS UK. Successful attacks of...
EUVD-2026-36562
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...
CVE-2026-12129
CodeAstro Human Resource Management System 1.0 is affected. The vulnerability resides in the Dashboard Interface component, specifically the /dashboard/add_tod endpoint, where manipulation of the todo_data argument leads to cross-site scripting. The issue is exploitable remotely, and exploits are...
CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...
CVE-2026-11491 CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...
CVE-2026-11491
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/Allnotice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input as part of POST leads to cross site scripting. It...
CVE-2026-40867
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API
Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...
CVE-2026-45081
Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...
CVE-2026-40867 Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
CVE-2026-40867 Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
PT-2026-34059
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...
CVE-2026-24034
Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...