CVE-2025-66224
OrangeHRM versions 5.0–5.7 contain an input-neutralization flaw in mail configuration and delivery workflow where user-controlled values flow into the sendmail path without sanitization, allowing OS command strings to be constructed and enabling file writes on the server and potential code execut...