Horilla-opensource Horilla
19 CVEs affecting Horilla-opensource Horilla. Latest disclosed: 2026-04-21. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59832 | Critical | 9.9 | 2025-09-25 | Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment ed… |
| CVE-2026-24010 | High | 8.8 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Enginee… |
| CVE-2026-24038 | High | 8.1 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that can be byp… |
| CVE-2025-48869 | High | 7.5 | 2025-09-24 | Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly… |
| CVE-2025-48868 | High | 7.2 | 2025-09-24 | Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 d… |
| CVE-2025-47789 | Medium | 6.1 | 2025-05-15 | Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers… |
| CVE-2026-24034 | Medium | 5.4 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered be… |
| CVE-2026-24036 | Medium | 5.3 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/re… |
| CVE-2026-24037 | Medium | 4.8 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching input aga… |
| CVE-2025-48867 | Medium | 4.8 | 2025-09-24 | Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authen… |
| CVE-2026-3049 | Medium | 4.3 | 2026-02-24 | A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of th… |
| CVE-2026-24039 | Medium | 4.3 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self… |
| CVE-2026-24035 | Medium | 4.3 | 2026-01-22 | Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in v… |
| CVE-2026-3050 | Low | 3.5 | 2026-02-24 | A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads… |
| CVE-2026-40867 | | | 2026-04-21 | Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer al… |
| CVE-2026-40866 | | | 2026-04-21 | Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoi… |
| CVE-2026-40865 | | | 2026-04-21 | Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows… |
| CVE-2025-59525 | | | 2025-09-24 | Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via… |
| CVE-2025-59524 | | | 2025-09-24 | Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser… |
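Several entries in the table concern upload handling: CVE-2025-59524 (validation performed only in the browser), CVE-2026-24010 (a file upload weakness), and CVE-2025-48869 together with CVE-2026-40865, CVE-2026-40866 and CVE-2026-40867 (uploaded resumes, documents and attachments reachable without proper authorization). The block below is an added example written for this page, not Horilla's own code, showing what a server-side check of an uploaded file looks like when nothing sent by the browser is trusted: the filename, the body and the declared Content-Type are all validated on the server, and the file is stored under a server-chosen name. The extension allowlist, the size limit, the magic-byte table and the sample uploads are assumptions constructed for illustration.

```python
import hashlib
import os
from typing import Optional, Tuple

# Upload policy for this example (assumed values, not Horilla's): extension -> magic-byte prefixes.
ALLOWED_TYPES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
EXPECTED_MIME = {".pdf": "application/pdf", ".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}
MAX_BYTES = 5 * 1024 * 1024  # assumed limit


class UploadRejected(ValueError):
    """Raised when a file fails server-side validation."""


def storage_name(content: bytes, ext: str) -> str:
    """Server-chosen name: content hash plus the vetted extension. The client's name never reaches disk or a URL."""
    return hashlib.sha256(content).hexdigest() + ext


def validate_upload(filename: str, content: bytes, declared_type: Optional[str] = None) -> str:
    """Validate an upload entirely on the server and return the name to store it under.

    A browser-side check (an accept="..." attribute or JavaScript) is bypassed by
    sending the request directly, so every check is repeated here on the received data.
    """
    # 1. Discard any directory part the client sent ("../x.pdf", "C:\\x.pdf").
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    ext = ext.lower()

    # 2. Extension allowlist on the final suffix, and no inner suffix at all,
    #    so "cv.php.pdf" and "cv.pdf.html" are both refused.
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext or '(none)'}")
    if "." in root or not root:
        raise UploadRejected("double extension or empty name")

    # 3. Size bounds checked on the bytes actually received, not on a header.
    if not content or len(content) > MAX_BYTES:
        raise UploadRejected("empty or oversized file")

    # 4. The body must begin with the magic bytes of the type the extension claims.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")

    # 5. The declared Content-Type is only a hint: a mismatch is refused, but a match proves nothing.
    if declared_type is not None:
        mime = declared_type.split(";", 1)[0].strip().lower()
        if mime != EXPECTED_MIME[ext]:
            raise UploadRejected("declared content type mismatch")

    return storage_name(content, ext)


def classify(filename: str, content: bytes, declared_type: Optional[str] = None) -> Tuple[str, str]:
    """Wrapper returning ("accepted", stored_name) or ("rejected", reason)."""
    try:
        return "accepted", validate_upload(filename, content, declared_type)
    except UploadRejected as exc:
        return "rejected", str(exc)


# Constructed sample uploads (not real files).
PDF_SAMPLE = b"%PDF-1.7\n% constructed sample\n%%EOF\n"
PHP_SAMPLE = b"<?php system($_GET['c']); ?>\n"
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    cases = [
        ("resume.pdf", PDF_SAMPLE, "application/pdf"),   # legitimate upload
        ("shell.php", PHP_SAMPLE, "application/pdf"),     # wrong extension despite a "good" Content-Type
        ("resume.pdf", PHP_SAMPLE, "application/pdf"),    # renamed script: magic bytes do not match
        ("cv.php.pdf", PDF_SAMPLE, None),                 # double extension
        ("photo.jpg", PNG_SAMPLE, "image/jpeg"),          # PNG body under a .jpg name
        ("../../etc/cron.d/job.pdf", PDF_SAMPLE, None),   # traversal in the name is discarded
    ]
    for name, body, ctype in cases:
        print(name.ljust(28), classify(name, body, ctype))
```

The returned name is what the application should write to disk and record in the database; the original filename is at most display metadata. Validation alone does not address the authorization entries in the table: the stored file must not sit under a publicly served static path, and the view that returns it must check that the requester is allowed to see that particular employee's document before streaming it, rather than relying on the object identifier being hard to guess.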