Vulnerabilities in horilla-opensource

19 results
CVE-2025-48868 | HIGH | Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive | EPSS 2.3%
CVE-2026-24036 | MEDIUM | Horilla Exposes Unpublished Job Disclosures through Unauthenticated API | EPSS 0.5%
CVE-2026-24038 | HIGH | Horilla HR has 2FA Bypass through its OTP Handling Logic | EPSS 0.4%
CVE-2026-24010 | HIGH | Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover | EPSS 0.4%
CVE-2025-48869 | HIGH | Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control | EPSS 0.4%
CVE-2025-59832 | CRITICAL | Horrila Stored XSS Vulnerability via Ticket Comment section | EPSS 0.4%
CVE-2026-3049 | MEDIUM | horilla-opensource horilla Query Parameter global_search.py get redirect | EPSS 0.4%
CVE-2025-59524 | HIGH | Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel | EPSS 0.3%
CVE-2026-24035 | MEDIUM | Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee | EPSS 0.3%
CVE-2025-59525 | HIGH | Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover | EPSS 0.3%
CVE-2026-24039 | MEDIUM | Horilla's Improper Access Control Allows Employees to Auto-Approve Documents | EPSS 0.2%
CVE-2026-24037 | MEDIUM | Horilla HRM has XSS Bypass through Project Name | EPSS 0.2%
CVE-2025-48867 | MEDIUM | Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules | EPSS 0.2%
CVE-2026-24034 | MEDIUM | Horilla has File Upload XSS | EPSS 0.2%
CVE-2026-3050 | MEDIUM | horilla-opensource horilla Leads global.js cross site scripting | EPSS 0.2%
CVE-2026-40866 | HIGH | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | EPSS 0.2%
CVE-2026-40867 | HIGH | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | EPSS 0.2%
CVE-2025-47789 | MEDIUM | Horilla Open Redirect Vulnerability in Login | EPSS 0.2%
CVE-2026-40865 | HIGH | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id> | EPSS 0.1%