CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Talentneuron: >> Hrforecast Suite Security Vulnerabilities

CVE-2025-51506

In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/lookup endpoint.

CVSS Score

6.5

EPSS Score

0.0

Published

2025-08-19

Page 1

Vulnerabilities

Vulnerable Software

Talentneuron: >> Hrforecast Suite Security Vulnerabilities

Products

Pricing

Contact Us