Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/04/07 6:22 p.m.15 views

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.6 views

CVE-2025-66289

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...

8.8CVSS7.1AI score0.00241EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/29 3:8 a.m.9 views

CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...

5.3CVSS0.00175EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/29 12:0 a.m.4 views

OrangeHRM 代码问题漏洞

OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A code issue vulnerability exists in OrangeHRM versions 5.0 through 5.7, which...

8.8CVSS6.6AI score0.00241EPSS
Exploits0References2
Rows per page
Query Builder