Lucene search
K

78 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

5.3CVSS6.4AI score0.00192EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43200

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
CVE
CVE
added 3 days ago15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.9 views

CVE-2022-26588

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

6.5CVSS7.1AI score0.0057EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-4393

Malware in sbrugna...

7.5CVSS7.6AI score0.00998EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-25259

Malware in sbrugna...

5.4CVSS5.5AI score0.0072EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-25260

Malware in sbrugna...

9.8CVSS9.4AI score0.01457EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27268

Malware in sbrugna...

7.2CVSS6.7AI score0.01727EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-31143

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0057EPSS
Exploits4References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-58526

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:47 a.m.6 views

CVE-2024-46073

A reflected Cross-Site Scripting XSS vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a...

6.1CVSS5.9AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.9 views

CVE-2021-38823

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser...

9.8CVSS6.8AI score0.01457EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:10 p.m.7 views

CVE-2021-38822

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands...

5.4CVSS6.5AI score0.0072EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:45 p.m.10 views

CVE-2020-6114

An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...

7.2CVSS7.9AI score0.01727EPSS
Exploits1References1
OSV
OSV
added 2025/01/06 6:15 p.m.2 views

CVE-2024-46073

A reflected Cross-Site Scripting XSS vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a...

6.1CVSS6AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2025/01/06 6:15 p.m.10 views

CVE-2024-46073

A reflected Cross-Site Scripting XSS vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a...

6.1CVSS0.00374EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/06 12:0 a.m.12 views

CVE-2024-46073

A reflected Cross-Site Scripting XSS vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a...

0.00374EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.3 views

Glacies IceHRM 安全漏洞

Glacies IceHRM is a human resource management system from the Glacies team in Germany. The system includes features such as expense management, recruitment management, payroll management and vacation management. A security vulnerability exists in Glacies IceHRM v32.4.0.OS, which stems from improp...

6.1CVSS5.9AI score0.00374EPSS
Exploits0References2
Rows per page
Query Builder