302 matches found
CVE-2026-46970
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligenc...
CVE-2026-46955
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite component: Person. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successf...
CVE-2026-46892
Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards component: Human Resources. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
Vulnerabilities in Oracle JD Edwards EnterpriseOne
Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...
PT-2026-50054
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite component: Person. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successf...
PT-2026-49999
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Human Resources Management version 9.2 Description An issue in the Human Resources component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can...
CVE-2026-12131
CVE-2026-12131 affects CodeAstro Human Resource Management System 1.0, specifically the Payroll Invoice Module. The vulnerability exists in the Invoice function of the file \application\controllers\Payroll.php, where manipulation of the argument ID leads to SQL injection. Exploitation is possible...
CVE-2026-12131 CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitatio...
CVE-2026-41513
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-27351
Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...
CVE-2026-22006
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2026-40865
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-45081
Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...
CVE-2026-45081
Frappe HRMS (HRMS) has a permission bypass in the Leave Details API. Before version 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks; the issue is fixed in 16.5.0.
EUVD-2026-24309
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2026-41320
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...
CVE-2026-40866 Horilla: Unauthorized Document Overwrite via File Upload Endpoint
Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...
CVE-2026-40865
Horilla HRMS 1.5.0 contains an insecure direct object reference in the employee document viewer. An authenticated user can access other employees’ uploaded documents by altering the document ID parameter, exposing identity documents, contracts, certificates, and other private records. The PT-2026...
PT-2026-34058
Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...
Infoopia Dovestones ADPhonebook 安全漏洞
Infoopia Dovestones ADPhonebook is a corporate address book management system developed by the Canadian company Infoopia. Versions of Infoopia Dovestones ADPhonebook prior to version 4.0.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the search parameter in the...