
12 matches found

RedhatCVE
added 2026/01/23 6:19 a.m., 4 views

CVE-2026-24035

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

CVSS 4.3, AI score 5.6, EPSS 0.00015
Exploits: 1, References: 1
NVD
added 2026/01/22 4:15 a.m., 4 views

CVE-2026-24035

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

CVSS 4.3, EPSS 0.00015
Exploits: 1, References: 3
ATTACKERKB
added 2026/01/22 2:43 a.m., 1 views

CVE-2026-24035

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

CVSS 4.3, AI score 5.3, EPSS 0.00015
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2026/01/22 12:0 a.m., 2 views

PT-2026-3910

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without prope...

CVSS 4.3, AI score 5.6, EPSS 0.00015
Exploits: 1, References: 3
OSV
added 2024/11/25 6:33 p.m., 6 views

GHSA-3864-RP2M-2QFJ libre-chat Path Traversal vulnerability

An issue in the uploaddocuments method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file...

CVSS 9.1, AI score 9.2, EPSS 0.00376
Exploits: 0, References: 6
NVD
added 2024/11/25 6:15 p.m., 15 views

CVE-2024-52787

An issue in the uploaddocuments method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file...

CVSS 9.1, EPSS 0.00376
Exploits: 0, References: 4
CNNVD
added 2024/11/25 12:0 a.m., 8 views

Libre Chat Security Vulnerability

Libre Chat is a free open source Large Language Model (LLM) chatbot Web UI and API by Vincent Emonet (Individual Developer). A security vulnerability exists in Libre Chat version v0.0.6, which stems from an issue in the uploaddocuments method. An attacker can exploit the vulnerability to perform path...

CVSS 9.1, AI score 6.5, EPSS 0.00376
Exploits: 0, References: 4
CNVD
added 2023/11/15 12:0 a.m., 16 views

Siemens SIMATIC PCS neo Authentication Error Vulnerability

SIMATIC PCS neo is a distributed control system (DCS). An authentication error vulnerability exists in Siemens SIMATIC PCS neo, which can be exploited by an attacker to generate a privileged token and upload additional documents...

CVSS 6.5, AI score 6.9, EPSS 0.00065
Exploits: 0, References: 1
OSV
added 2023/11/14 11:15 a.m., 0 views

CVE-2023-46096

A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2023/11/14 12:0 a.m., 0 views

Siemens SIMATIC PCS Security Vulnerability

SIMATIC PCS neo is a distributed control system (DCS). An authentication error vulnerability exists in Siemens SIMATIC PCS neo, which can be exploited by an attacker to generate a privileged token and upload additional documents...

CVSS 6.5, AI score 7.1, EPSS 0.00065
Exploits: 0, References: 2
Talos Blog
added 2020/07/10 8:52 a.m., 19 views

Vulnerability Spotlight: SQL injection vulnerability in Glacies IceHRM

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos researchers recently discovered that the Glacies' IceHRM software contains a vulnerability that could allow an adversary to inject SQL. IceHRM is a human resource management tool, allowing users to create...

AI score 0.8
Exploits: 0
ATTACKERKB
added 2017/06/16 1:29 p.m., 3 views

CVE-2017-9602

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to...

CVSS 9.8, AI score 5.8, EPSS 0.07376
Exploits: 4, References: 2