All 5 CVE vulnerabilities found in hrms, with AI-generated Chinese analysis, references, and POCs.
Vendor: pbrong

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41320 | Frappe HR has possibility of SQL Injection due to improper field sanitization CWE-89 | 6.5 | Medium | 2026-04-21 |
| CVE-2026-40889 | Frappe HR has Improper Access Control on Files CWE-284 | 6.5 | Medium | 2026-04-21 |
| CVE-2026-40888 | Frappe HR vulnerable to Improper Access Control CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-1161 | pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting CWE-79 | 3.5 | Low | 2026-01-19 |
| CVE-2025-1815 | pbrong hrms resource.go HrmsDB improper authorization CWE-285 | 7.3 | High | 2025-03-02 |
All 5 known CVE vulnerabilities affecting hrms with full Chinese analysis, references, and POCs where available.