24 matches found
EUVD-2021-9990
Malicious code in bioql PyPI...
EUVD-2021-9989
Malicious code in bioql PyPI...
Soar Cloud System Soar Cloud HRD Human Resource Management System Security Vulnerability
Soar Cloud System Soar Cloud HRD Human Resource Management System is a human resource management system from Soar Cloud System, Inc. of Taiwan, China. A security vulnerability exists in Soar Cloud System Soar Cloud HRD Human Resource Management System version 7.3.2025.0408 and prior versions, whi...
Soar Cloud System Soar Cloud HRD Human Resource Management System Security Vulnerability
Soar Cloud System Soar Cloud HRD Human Resource Management System is a human resource management system from Soar Cloud System, Inc. of Taiwan, China. A security vulnerability exists in Soar Cloud System Soar Cloud HRD Human Resource Management System version 7.3.2025.0408 and prior versions, whi...
Soar Cloud System Access Control Error Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR Portal has an access control error that allows remote attackers to access sensitive data (e.g., a user's login information) through specific packets while obtaining a user ID, thus preventing the login function...
Soar Cloud System SQL Injection Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...
CVE-2021-22854
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
CVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work...
CVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work...
CVE-2021-22855
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22855
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22854
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
Privilege escalation
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
Command injection
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22854
The CVE-2021-22854 entry concerns the Soar Cloud System HR Portal, where input parameter filtering failures enable an SQL injection in the HR portal. The root cause is inadequate validation of parameters, allowing remote attackers to inject SQL syntax and retrieve all database data without privil...
CVE-2021-22855 Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22855
CVE-2021-22855 affects the HR Portal of Soar Cloud System, where the deserialization function accepts any object type, enabling execution of arbitrary commands. According to NVD data, this is a remote, high-severity issue (CVSS v3.1: 9.8, CRITICAL; CVSS v2.0: 7.5, HIGH) with network access, low a...
CVE-2021-22854 Soar Cloud System Co., Ltd. HR Portal - SQL Injection
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
CVE-2021-22853
CVE-2021-22853 affects the Soar Cloud System HR Portal. The vulnerability is a broken access control that, when obtaining a user ID, allows remote attackers to access sensitive data via a specific data packet (for example, user login information) and can cause the login function to fail. The docu...
CVE-2021-22853 Soar Cloud System Co., Ltd. HR Portal - Broken Access Control
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work...