CVE-2026-10215

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

CVE-2026-10215

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

CVE-2026-10215 Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

CVE-2026-10215

Dolibarr ERP CRM up to version 23.0.1 is affected by CVE-2026-10215 in the Leave Request REST API component, specifically the file htdocs/holiday/class/api_holidays.class.php, function checkUserAccessToObject. The issue allows improper authorization, potentially enabling remote exploitation. Publ...

EUVD-2026-33536

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

CVE-2026-10215 Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

CVE-2026-10215

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...

PT-2026-45247

A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be...

Dolibarr ERP CRM Authorization Issues and Vulnerabilities

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.1 and earlier had an authorization issue. This vulnerability stems from an improper authorization in the CheckUserAccessToObject function within the Leave Request RES...

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

CVE-2026-45081

Frappe HRMS (HRMS) has a permission bypass in the Leave Details API. Before version 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks; the issue is fixed in 16.5.0.

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

EUVD-2026-32608

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

PT-2026-44054

Name of the Vulnerable Software and Affected Versions Frappe HR versions prior to 16.5.0 Description Frappe HR is an open-source human resources management solution HRMS. Authenticated employees can access leave details of other employees because of improper authorization checks. Recommendations...

Frappe HR 安全漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 16.5.0 contained security vulnerabilities. These vulnerabilities were caused by improper authorization checks, which could allow authorized employees to access the leave details of...

CVE-2026-9451

A weakness has been identified in code-projects Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /process/applyleaveprocess.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has...

CVE-2026-9542

A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/addstaff.php. Executing a manipulation of the argument emailid can lead to sql injection. The attack can be launched remotely. The exploit has been made availabl...