28 matches found
CVE-2026-10215
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
CVE-2026-10215
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
CVE-2026-10215 Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
CVE-2026-10215
Dolibarr ERP CRM up to version 23.0.1 is affected by CVE-2026-10215 in the Leave Request REST API component, specifically the file htdocs/holiday/class/api_holidays.class.php, function checkUserAccessToObject. The issue allows improper authorization, potentially enabling remote exploitation. Publ...
CVE-2026-10215 Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
EUVD-2026-33536
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
CVE-2026-10215
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/apiholidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be initiat...
PT-2026-45247
A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api holidays.class.php of the component Leave Request REST API. The manipulation leads to improper authorization. The attack may be...
Dolibarr ERP CRM Authorization Issues and Vulnerabilities
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.1 and earlier had an authorization issue. This vulnerability stems from an improper authorization in the CheckUserAccessToObject function within the Leave Request RES...
CVE-2025-7964
CVE-2025-7964 concerns Zigbee devices (Coordinator/Router) affected by a malformed 802.15.4 MAC Data Request. The bug triggers a Zigbee Coordinator to issue a ‘network leave’ command to a Zigbee router, causing the router to become non-rejoinable. If no suitable parent is available, end devices c...
EUVD-2024-19729
Malicious code in bioql PyPI...
EUVD-2025-18626
Malicious code in bioql PyPI...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...
CVE-2025-46157
CVE-2025-46157 affects EfroTech Time Trax v1.0, specifically the Leave Request form in the Attendance module. The issue is an unrestricted file upload/weak server-side validation that enables remote code execution (RCE) by uploading a crafted file (e.g., changing a .txt to .asp). The CVSS v3.1 ba...
Exploit for Unrestricted Upload of File with Dangerous Type in Efrotech Timetrax
CVE-2025-46157 CVE-2025-46157 – Timetrax V1 2025 Remote Co...
CVE-2024-34223
Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket...