Lucene search
K

12 matches found

OSV
OSV
added 2025/09/24 5:17 p.m.4 views

CVE-2025-48869 Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control

Horilla is a free and open source Human Resource Management System HRMS. Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

7.5CVSS6.5AI score0.00407EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.3 views

Horilla 访问控制错误漏洞

Horilla is a free and open source human resources software from Horilla, Inc. An access control error vulnerability exists in Horilla version 1.3.0 that originates from an unauthenticated user being able to access an uploaded resume file by guessing or predicting the file URL, which could result ...

7.5CVSS6.5AI score0.00407EPSS
Exploits1References2
OSV
OSV
added 2025/05/15 8:15 p.m.4 views

CVE-2024-7762

The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes...

3.7CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.1 views

CVE-2022-2558

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations...

5.3CVSS6.1AI score0.00787EPSS
Exploits2References2
OSV
OSV
added 2022/08/22 3:15 p.m.2 views

CVE-2022-2558

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations...

5.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2544

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes...

7.5CVSS5.8AI score0.03158EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.3 views

CVE-2022-2544

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes...

7.5CVSS7.1AI score0.03158EPSS
Exploits2References4
NVD
NVD
added 2022/08/22 3:15 p.m.9 views

CVE-2022-2544

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes...

7.5CVSS0.03158EPSS
Exploits2References2
NVD
NVD
added 2022/08/22 3:15 p.m.22 views

CVE-2022-2558

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations...

5.3CVSS0.00787EPSS
Exploits2References1
Prion
Prion
added 2022/08/22 3:15 p.m.18 views

Code injection

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations...

5CVSS5.2AI score0.00787EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/08/22 3:15 p.m.16 views

Design/Logic Flaw

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes...

5CVSS7.5AI score0.03158EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/08/22 3:4 p.m.30 views

CVE-2022-2558 Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations...

5.5AI score0.00787EPSS
Exploits2References1
Rows per page
Query Builder