Lucene search
K

5 matches found

CVE
CVE
added 2025/02/17 3:59 a.m.88 views

CVE-2025-1388

CVE-2025-1388 concerns Orca HCM from Learning Digital, with an Arbitrary File Upload vulnerability that allows remote attackers with regular privileges to upload and run web shells. Descriptions across sources reiterate the same flaw and impact (high severity per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U...

8.8CVSS7.2AI score0.00483EPSS
CVE
CVE
added 2024/09/09 2:57 a.m.76 views

CVE-2024-8584

CVE-2024-8584 affects Orca HCM by LEARNING DIGITAL and is described as a Missing Authentication vulnerability that allows an unauthenticated remote attacker to create an administrator account and log in. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8) indicates a critical imp...

9.8CVSS9.7AI score0.00677EPSS
CVE
CVE
added 2025/02/17 3:40 a.m.68 views

CVE-2025-1387

CVE-2025-1387 affects Orca HCM from LEARNING DIGITAL. The connected sources describe an improper authentication vulnerability that allows unauthenticated remote attackers to log in as any user, indicating a severe impact (high confidentiality, integrity, and availability) per the CVSS vector: AV:...

9.8CVSS7.2AI score0.00538EPSS
CVE
CVE
added 2025/02/17 4:15 a.m.59 views

CVE-2025-1389

CVE-2025-1389 pertains to Orca HCM by Learning Digital, where a SQL injection vulnerability exists in the application. The connected sources confirm that an attacker with regular privileges can inject arbitrary SQL commands to read, modify, and delete database contents. The issue is described con...

8.8CVSS8.2AI score0.00466EPSS
CVE
CVE
added 2024/09/09 3:3 a.m.50 views

CVE-2024-8585

The CVE-2024-8585 issue is a path-traversal vulnerability in Learning Digital’s Orca HCM file-download function, where a parameter is not properly restricted. This permits a remote attacker with regular privileges to download arbitrary system files. Affected software: Orca HCM from LEARNING DIGIT...

6.5CVSS6.5AI score0.00673EPSS