13 matches found
CVE-2026-24039
Horilla is a free and open source Human Resource Management System HRMS. Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to administrator or high-privilege roles only;...
CVE-2026-24039
Horilla is a free and open source Human Resource Management System HRMS. Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to administrator or high-privilege roles only;...
CVE-2026-24039
Horilla HRMS (v1.4.0) contains an improper access-control flaw on the document-approval endpoint, allowing low-privilege users to self-approve their own uploaded documents. This weak server-side authorization check enables employees to alter admin-reserved state. The issue is fixed in v1.5.0. Aff...
CVE-2026-24039 Horilla's Improper Access Control Allows Employees to Auto-Approve Documents
Horilla is a free and open source Human Resource Management System HRMS. Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to administrator or high-privilege roles only;...
EUVD-2025-35612
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...
CVE-2025-11957
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...
CVE-2025-11957
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests...
EUVD-2025-13380
Malicious code in bioql PyPI...
CVE-2025-4316
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up...
CVE-2025-4316
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up...
CVE-2025-4316
CVE-2025-4316 describes an improper access control in the PAM feature of Devolutions Server that enables a PAM user to self-approve requests, contrary to policy. Affected versions include 2025.1.3.0–2025.1.6.0 and all versions up to 2024.3.15.0. The issue’s root cause is restricted to PAM workflo...
PT-2025-19709 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.6.0 and earlier Description: The issue is related to improper access control in the PAM feature, allowing a PAM user to self-approve their PAM requests even if disallowed by the configured policy. This can b...
PT-2024-37681 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.2.10 and earlier Description: The issue allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism...