
7043 matches found

OSV
added 2025/02/17 5:15 a.m., 2 views

CVE-2025-1389

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS, 6 AI score, 0.00455 EPSS
Exploits: 0, References: 2
OSV
added 2025/02/17 4:15 a.m., 3 views

CVE-2025-1387

Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user...

9.8 CVSS, 5.9 AI score
Exploits: 0, References: 2
Cvelist
added 2025/02/17 4:15 a.m., 12 views

CVE-2025-1389 Learning Digital Orca HCM - SQL Injection

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS, 0.00455 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/02/17 4:15 a.m., 4 views

CVE-2025-1389 Learning Digital Orca HCM - SQL Injection

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8 CVSS, 9.1 AI score, 0.00455 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/02/17 3:59 a.m., 13 views

CVE-2025-1388 Learning Digital Orca HCM - Arbitrary File Upload

Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells...

8.8 CVSS, 0.00472 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/02/17 3:59 a.m., 10 views

CVE-2025-1388 Learning Digital Orca HCM - Arbitrary File Upload

Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells...

8.8 CVSS, 8.8 AI score, 0.00472 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/02/17 3:40 a.m., 7 views

CVE-2025-1387 Learning Digital Orca HCM - Improper Authentication

Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user...

9.8 CVSS, 0.00538 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/02/17 3:40 a.m., 4 views

CVE-2025-1387 Learning Digital Orca HCM - Improper Authentication

Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user...

9.8 CVSS, 7.2 AI score, 0.00538 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/02/17 12:0 a.m., 4 views

Learning Digital Orca HCM Code Issue Vulnerability

Learning Digital Orca HCM is a digital learning platform from China-based Learning Digital. A code issue vulnerability exists in Learning Digital Orca HCM, which stems from an improper implementation of the file upload functionality. An attacker can exploit the vulnerability to upload and run a W...

8.8 CVSS, 7 AI score, 0.00472 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/02/17 12:0 a.m., 3 views

PT-2025-6911

Name of the Vulnerable Software and Affected Versions: Orca HCM from LEARNING DIGITAL (affected versions not specified). Description: The issue is related to an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user. Recommendations: At t...

9.8 CVSS, 6.5 AI score, 0.00538 EPSS
Exploits: 0, References: 13
CNNVD
added 2025/02/17 12:0 a.m., 4 views

Learning Digital Orca HCM Security Vulnerability

Learning Digital Orca HCM is a digital learning platform from China-based Yiyu Digital Learning Digital. A security vulnerability exists in Learning Digital Orca HCM that stems from improper authentication. An attacker can exploit the vulnerability to log in to the system as any user...

9.8 CVSS, 6.7 AI score, 0.00538 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/02/17 12:0 a.m., 4 views

Learning Digital Orca HCM SQL Injection Vulnerability

Learning Digital Orca HCM is a digital learning platform from China-based Learning Digital. Learning Digital Orca HCM suffers from a SQL injection vulnerability that stems from improper handling of SQL queries. An attacker can inject arbitrary SQL commands to read, modify, or delete database...

8.8 CVSS, 8.1 AI score, 0.00455 EPSS
Exploits: 0, References: 2
GithubExploit
added 2025/02/14 1:44 p.m., 79 views

Vulnerability-learning

It is an offensive tool for web application security. The reposi...

7.3 AI score
Exploits: 0
The Hacker News
added 2025/02/08 6:17 a.m., 17 views

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...

8.1 AI score
Exploits: 0
RedhatCVE
added 2025/02/08 4:38 a.m., 7 views

CVE-2020-36084

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/deleteteacherstudents.php?id= parameter via id field...

9.8 CVSS, 8.1 AI score, 0.00663 EPSS
Exploits: 1
RedhatCVE
added 2025/02/06 4:48 a.m., 7 views

CVE-2021-37648

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...

7.8 CVSS, 6.6 AI score, 0.00186 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/06 3:55 a.m., 16 views

CVE-2021-39180

OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending...

9 CVSS, 7.4 AI score, 0.02363 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/06 2:26 a.m., 6 views

CVE-2025-22350

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection. This issue affects Ultimate Learning Pro: from n/a through 3.9...

7.6 CVSS, 8.9 AI score, 0.00486 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 11:28 p.m., 8 views

CVE-2022-23574

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8 CVSS, 6.5 AI score, 0.00824 EPSS
Exploits: 1, References: 1
OSV
added 2025/02/05 10:15 p.m., 3 views

CVE-2020-36084

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/deleteteacherstudents.php?id= parameter via id field...

9.8 CVSS, 5.9 AI score, 0.00663 EPSS
Exploits: 1, References: 1