Lucene search
+L

6 matches found

NVD
NVD
added 2026/04/07 7:16 p.m.5 views

CVE-2026-39345

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

4.9CVSS0.00323EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 7:16 p.m.7 views

CVE-2026-39347

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...

5.1CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:22 p.m.3 views

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:22 p.m.3 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 6:17 p.m.17 views

CVE-2026-39345 OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

4.6CVSS0.00323EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.9 views

Astra Linux – Vulnerability in xz-utils

XZ Utils provides a general-purpose data-compression library along with command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, there is a bug in the multithreaded .xz decoder in liblzma: invalid inputs can potentially cause a crash. The effects of this bug include heap usage after deallocation, as...

8.7CVSS7AI score0.00647EPSS
Exploits0References3
Rows per page
Query Builder