
horilla — Vulnerabilities & Security Advisories (20)

All 20 CVE vulnerabilities found in horilla, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-40867 | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21
CVE-2026-40866 | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | CWE-284 | 4.3 (AI) | Medium (AI) | 2026-04-21
CVE-2026-40865 | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>` | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21
CVE-2026-3050 | horilla-opensource horilla Leads global.js cross site scripting | CWE-79 | 3.5 | Low | 2026-02-24
CVE-2026-3049 | horilla-opensource horilla Query Parameter global_search.py get redirect | CWE-601 | 4.3 | Medium | 2026-02-24
CVE-2026-24039 | Horilla's Improper Access Control Allows Employees to Auto-Approve Documents | CWE-284 | 4.3 | Medium | 2026-01-22
CVE-2026-24038 | Horilla HR has 2FA Bypass through its OTP Handling Logic | CWE-287 | 8.1 | High | 2026-01-22
CVE-2026-24037 | Horilla HRM has XSS Bypass through Project Name | CWE-79 | 4.8 | Medium | 2026-01-22
CVE-2026-24036 | Horilla Exposes Unpublished Job Disclosures through Unauthenticated API | CWE-284 | 5.3 | Medium | 2026-01-22
CVE-2026-24035 | Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee | CWE-284 | 4.3 | Medium | 2026-01-22
CVE-2026-24034 | Horilla has File Upload XSS | CWE-434 | 5.4 | Medium | 2026-01-22
CVE-2026-24010 | Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover | CWE-74 | 8.0 (AI) | High (AI) | 2026-01-22
CVE-2025-59832 | Horilla Stored XSS Vulnerability via Ticket Comment section | CWE-79 | 9.9 | Critical | 2025-09-25
CVE-2025-59525 | Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-09-24
CVE-2025-59524 | Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel | CWE-79 | 8.8 (AI) | High (AI) | 2025-09-24
CVE-2025-48867 | Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules | CWE-79 | 4.8 | Medium | 2025-09-24
CVE-2025-48869 | Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control | CWE-284 | 7.5 | High | 2025-09-24
CVE-2025-48868 | Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive | CWE-95 | 7.2 | High | 2025-09-24
CVE-2025-47789 | Horilla Open Redirect Vulnerability in Login | CWE-601 | 6.1 | Medium | 2025-05-15
CVE-2024-12138 | horilla create_skills deserialization | CWE-502 | 6.3 | Medium | 2024-12-04

(AI): CVSS score or severity that the source listing tags as "AI".

All 20 known CVE vulnerabilities affecting horilla with full Chinese analysis, references, and POCs where available.