Browse all 70 CVE security advisories affecting codepeople. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Codepeople operates as a provider of enterprise software solutions, primarily focusing on human resources and payroll management systems. Historical security audits reveal a significant volume of vulnerabilities, with seventy CVEs currently on record, indicating persistent weaknesses in their development lifecycle. The most prevalent flaw classes include remote code execution and cross-site scripting, which often stem from inadequate input validation and improper session management. Additionally, privilege escalation vulnerabilities have been frequently exploited, allowing unauthorized users to access sensitive administrative functions. These issues suggest a lack of rigorous security testing during the software development phase. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the high count of critical and high-severity findings poses a substantial risk to client data integrity. Organizations relying on these platforms must prioritize patching and implement strict access controls to mitigate the identified risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0684 | CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import — CP Image Store with SlideshowCWE-863 | 4.3 | Medium | 2026-01-13 |
This page lists every published CVE security advisory associated with codepeople. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.