{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:48:45.824","vulnerabilities":[{"cve":{"id":"CVE-2026-24036","sourceIdentifier":"security-advisories@github.com","published":"2026-01-22T04:15:59.597","lastModified":"2026-01-29T18:58:16.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing unauthenticated users to view unpublished roles and access the application workflow for unpublished jobs. Unauthorized access to unpublished job posts can leak sensitive internal hiring information and cause confusion among candidates. This issue has been fixed in version 1.5.0."},{"lang":"es","value":"Horilla es un Sistema de Gestión de Recursos Humanos (HRMS) de código abierto y gratuito. Las versiones 1.4.0 y superiores exponen ofertas de empleo no publicadas a través del endpoint /recruitment/recruitment-details// sin autenticación. La respuesta incluye títulos de puestos de trabajo en borrador, descripciones y un enlace de solicitud, lo que permite a los usuarios no autenticados ver roles no publicados y acceder al flujo de trabajo de solicitud para trabajos no publicados. El acceso no autorizado a las ofertas de empleo no publicadas puede filtrar información interna de contratación sensible y causar confusión entre los candidatos. Este problema ha sido solucionado en la versión 1.5.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horilla:horilla:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"55143854-C369-4CAA-B671-90EFC9170F64"}]}]}],"references":[{"url":"https://github.com/horilla-opensource/horilla/commit/9a585a1588431499092a49d7e82cb77daa4d99ee","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/horilla-opensource/horilla/releases/tag/1.5.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/horilla-opensource/horilla/security/advisories/GHSA-q4xr-w96p-3vg7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}