38 matches found
EUVD-2019-2261
Malware in sbrugna...
EUVD-2021-9989
Malicious code in bioql PyPI...
EUVD-2021-9990
Malicious code in bioql PyPI...
EUVD-2024-47111
Malicious code in bioql PyPI...
CVE-2024-5996
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-5996
The CVE has a rejection note in the Initial Description, but connected data provides concrete details: Soar Cloud HR Portal is affected. The PT-Security entry PT-2024-37301 reports that notification emails from Soar Cloud HR Portal include links with embedded session data and are sent without enc...
CVE-2024-5996
...
CVE-2024-5995
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...
CVE-2024-5995
CVE-2024-5995 affects Soar Cloud HR Portal. The issue is insufficient session expiration: a link sent via notification emails contains an embedded session that is not properly expired and can remain valid for more than 7 days, enabling reuse. The vulnerability has a CVSSv3.1 base score of 8.8 (HI...
CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...
CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...
CVE-2023-34357
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
Default credentials
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
CVE-2023-34357
Soar Cloud Ltd. HR Portal is affected by CVE-2023-34357 due to a weak password recovery mechanism: the password-reset link sent by email remains valid after a reset and past its expiration, enabling an attacker who can access the link (e.g., via browser history) to reuse it and change the passwor...
CVE-2023-34357 Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
PT-2023-24837 · Soar Cloud · Soar Cloud Ltd. Hr Portal
Name of the Vulnerable Software and Affected Versions: Soar Cloud Ltd. HR Portal affected versions not specified Description: The issue concerns a weak Password Recovery Mechanism for Forgotten Password in the Soar Cloud Ltd. HR Portal. The reset password link sent out through e-mail remains vali...
CVE-2021-22855
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22855
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22854
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
CVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work...