horilla-opensource — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting horilla-opensource. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by horilla-opensource: horilla

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40867 | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | horilla | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40866 | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | horilla | CWE-284 | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40865 | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>` | horilla | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-3050 | horilla-opensource horilla Leads global.js cross site scripting | horilla | CWE-79 | 3.5 | Low | 2026-02-24 |
| CVE-2026-3049 | horilla-opensource horilla Query Parameter global_search.py get redirect | horilla | CWE-601 | 4.3 | Medium | 2026-02-24 |
| CVE-2026-24039 | Horilla's Improper Access Control Allows Employees to Auto-Approve Documents | horilla | CWE-284 | 4.3 | Medium | 2026-01-22 |
| CVE-2026-24038 | Horilla HR has 2FA Bypass through its OTP Handling Logic | horilla | CWE-287 | 8.1 | High | 2026-01-22 |
| CVE-2026-24037 | Horilla HRM has XSS Bypass through Project Name | horilla | CWE-79 | 4.8 | Medium | 2026-01-22 |
| CVE-2026-24036 | Horilla Exposes Unpublished Job Disclosures through Unauthenticated API | horilla | CWE-284 | 5.3 | Medium | 2026-01-22 |
| CVE-2026-24035 | Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee | horilla | CWE-284 | 4.3 | Medium | 2026-01-22 |
| CVE-2026-24034 | Horilla has File Upload XSS | horilla | CWE-434 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24010 | Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover | horilla | CWE-74 | 8.0 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-59832 | Horilla Stored XSS Vulnerability via Ticket Comment section | horilla | CWE-79 | 9.9 | Critical | 2025-09-25 |
| CVE-2025-59525 | Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover | horilla | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-09-24 |
| CVE-2025-59524 | Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel | horilla | CWE-79 | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-48867 | Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules | horilla | CWE-79 | 4.8 | Medium | 2025-09-24 |
| CVE-2025-48869 | Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control | horilla | CWE-284 | 7.5 | High | 2025-09-24 |
| CVE-2025-48868 | Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive | horilla | CWE-95 | 7.2 | High | 2025-09-24 |
| CVE-2025-47789 | Horilla Open Redirect Vulnerability in Login | horilla | CWE-601 | 6.1 | Medium | 2025-05-15 |

This page lists every published CVE security advisory associated with horilla-opensource. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.