CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/07 7:16 p.m.•1 views

CVE-2026-39347

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...

5.1CVSS0.00037EPSS

Vulnrichment•added 2026/04/07 6:20 p.m.•2 views

CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion

Cvelist•added 2026/04/07 6:20 p.m.•13 views

CVE-2026-39347 OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion

5.1CVSS0.00037EPSS

ATTACKERKB•added 2026/04/07 6:20 p.m.•2 views

CVE-2026-39347

Exploits0References2Affected Software1

CVE•added 2026/04/07 6:20 p.m.•3 views

CVE-2026-39347

OrangeHRM Open Source vulnerability CVE-2026-39347 affects versions 5.0–5.8 where admin self-appraisal submissions can be modified after being marked completed, compromising integrity of finalized appraisal records. The issue is resolved in 5.8.1. Affected product: OrangeHRM Open Source; vulnerab...

Exploits0References1Affected Software1

EUVD•added 2026/04/07 6:20 p.m.•1 views

EUVD-2026-19857

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-30970

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-26729

Malicious code in bioql PyPI...

6.7CVSS6.4AI score0.0007EPSS

Exploits0References4

Tenable Nessus•added 2025/08/15 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2022-21505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the linux kernel, if IMA appraisal is used with the imaappraise=log boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabl...

6.7CVSS6.7AI score0.0007EPSS

RedhatCVE•added 2025/05/23 7:23 a.m.•4 views

CVE-2024-42915

A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts...

8CVSS7.2AI score0.00084EPSS

OSV•added 2025/05/23 1:36 a.m.•1 views

MAL-2025-4387 Malicious code in performance-appraisal (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fdbbe3c18d12e46e21b82f0cd45dd7a710cb5d467be8dfd538483a6aa5bf3f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

OSV•added 2024/12/24 7:15 p.m.•10 views

CVE-2022-21505

In the linux kernel, if IMA appraisal is used with the "imaappraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "imaappraise=log" from the boot param when Secure Boot is enabled, but this does not cover case...

6.7CVSS6.7AI score0.0007EPSS

NVD•added 2024/12/24 7:15 p.m.•10 views

CVE-2022-21505

6.7CVSS0.0007EPSS

OSV•added 2024/12/24 7:15 p.m.•1 views

DEBIAN-CVE-2022-21505

6.7CVSS6.2AI score0.0007EPSS

Vulnrichment•added 2024/12/24 6:48 p.m.•8 views

CVE-2022-21505

6.7CVSS7.2AI score0.0007EPSS

Cvelist•added 2024/12/24 6:48 p.m.•20 views

CVE-2022-21505

6.7CVSS0.0007EPSS

NVD•added 2024/08/23 3:15 p.m.•12 views

CVE-2024-42915

8CVSS0.00084EPSS

CVE•added 2024/08/23 12:0 a.m.•35 views

CVE-2024-42915

Summary: CVE-2024-42915 is a host header injection vulnerability in Staff Appraisal System v1.0. Affected component: the password reset flow within Staff Appraisal System. Root cause/impact: attackers can induce a user to click a crafted password reset link to obtain a password reset token, enabl...

8CVSS7.4AI score0.00084EPSS