CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

187 matches found

CVE•added 2026/01/22 3:43 a.m.•14 views

CVE-2026-24039

Horilla HRMS (v1.4.0) contains an improper access-control flaw on the document-approval endpoint, allowing low-privilege users to self-approve their own uploaded documents. This weak server-side authorization check enables employees to alter admin-reserved state. The issue is fixed in v1.5.0. Aff...

4.3CVSS5.6AI score0.00246EPSS

Exploits1References2Affected Software1

OSV•added 2026/01/22 2:41 a.m.•4 views

CVE-2026-24034 Horilla has File Upload XSS

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

5.4CVSS5.2AI score0.00222EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 9:36 a.m.•11 views

CVE-2024-34222

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter...

5.9CVSS8AI score0.00392EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:36 a.m.•16 views

CVE-2024-34223

Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket...

4.3CVSS6.8AI score0.00477EPSS

Exploits1References1

Cvelist•added 2025/11/19 11:2 p.m.•12 views

CVE-2025-13421 itsourcecode Human Resource Management System NoticeStore.php sql injection

A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.00339EPSS

Exploits1References5

CNNVD•added 2025/11/19 12:0 a.m.•4 views

itsourcecode Human Resource Management System SQL注入漏洞

itsourcecode Human Resource Management System is itsourcecode open source human resource management system. A SQL injection vulnerability exists in itsourcecode Human Resource Management System version 1.0, which stems from a misuse of the eventSubject parameter in the file...

9.8CVSS7.8AI score0.00339EPSS

Exploits1References6