Lucene search
K

480 matches found

ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-9237

The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00227EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 6:16 a.m.10 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 5:0 a.m.18 views

CVE-2026-13537

The CVE-2026-13537 entry concerns CodeAstro Human Resource Management System (version 1.0). The vulnerability is described as a cross-site request forgery affecting an unspecified function, with a remote attack possibility and public exploit. No explicit root cause details or affected subcomponen...

5.3CVSS5.4AI score0.00162EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 5:0 a.m.36 views

CVE-2026-13537 CodeAstro Human Resource Management System cross-site request forgery

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

5.3CVSS0.00162EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 5:0 a.m.10 views

EUVD-2026-40035

A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. The exploit has been made public and could be used...

5.3CVSS5.4AI score0.00162EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 4:30 a.m.7 views

EUVD-2026-40032

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:30 a.m.9 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/29 4:30 a.m.15 views

CVE-2026-13535

CodeAstro HRMS 1.0 is affected by an SQL injection in the View Endpoint’s GetFileInfo (Employee_model.php). Manipulating the ID argument enables remote SQL injection, with proofs-of-concept published. Root cause: unsafely concatenated or unsanitized ID in GetFileInfo; impact is limited to confide...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 3:16 a.m.11 views

CVE-2026-13525

A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects the function emselectByCode of the file application/models/Employeemodel.php of the component UpdateEarnLeave Endpoint. The manipulation of the argument emid results in sql injection. The attack can...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 2:0 a.m.18 views

CVE-2026-13525

CodeAstro Human Resource Management System 1.0 contains a SQL injection in Update_Earn_Leave Endpoint, specifically in Employee_model.php emselectByCode via the emid parameter. The vulnerability arises from unsanitized input leading to SQL injection, enabling remote exploitation. Public exploit a...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2026-36604

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

6.5CVSS5.3AI score0.0025EPSS
Exploits0References7
NVD
NVD
added 2026/06/12 10:16 p.m.17 views

CVE-2026-12131

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

6.5CVSS0.0025EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-12130

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...

5.1CVSS0.00203EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 9:16 p.m.15 views

CVE-2026-12129

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

5.1CVSS0.00203EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/12 9:15 p.m.10 views

CVE-2026-12131 CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...

6.5CVSS6.4AI score0.0025EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 8:45 p.m.12 views

EUVD-2026-36569

A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/AddProjects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched...

5.1CVSS3.7AI score0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 8:45 p.m.25 views

CVE-2026-12130

CodeAstro Human Resource Management System 1.0 is affected in the Projects Management Page (file /Projects/Add_Projects). The vulnerability is a stored/reflected cross-site scripting described as caused by manipulation of the protitle argument. The attack can be launched remotely and an exploit h...

5.1CVSS3.8AI score0.00203EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/12 8:30 p.m.9 views

CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

5.1CVSS3.5AI score0.00203EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 8:30 p.m.38 views

CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

5.1CVSS0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48975

Name of the Vulnerable Software and Affected Versions CodeAstro Human Resource Management System version 1.0 Description A security flaw in the Projects Management Page component allows for remote cross-site scripting XSS, which is a technique where malicious scripts are injected into trusted...

5.1CVSS4.5AI score0.00203EPSS
Exploits0References9
Rows per page
Query Builder