7 matches found
CVE-2025-48780
CVE-2025-48780 affects Soar Cloud HRD Human Resource Management System prior to version 7.3.2025.0408. A deserialization vulnerability in the download file function allows remote attackers to execute arbitrary system commands via a crafted serialized object. Public metrics list a critical impact ...
CVE-2025-48783
CVE-2025-48783 describes an external control of file name or path in the delete file function of Soar Cloud HRD Human Resource Management System, affected up to version 7.3.2025.0408. The vulnerability allows remote attackers to delete partial files by specifying arbitrary file paths. Exploitatio...
CVE-2025-48781
The CVE-2025-48781 issue affects Soar Cloud HRD Human Resource Management System, specifically versions prior to and including 7.3.2025.0408. The vulnerability is an external control of file name or path in the download file function, enabling remote attackers to obtain partial files by specifyin...
CVE-2025-48784
CVE-2025-48784 affects Soar Cloud HRD Human Resource Management System prior to version 7.3.2025.0408. The vulnerability is a missing authorization issue that allows remote attackers to modify system settings without prior authorization. Public references (NVD, Red Hat, PTSecurity, CVE lists) con...
CVE-2025-5192
Affected software: Soar Cloud HRD Human Resource Management System (client application) up to version 7.3.2025.0408. Vulnerability: Missing authentication for a critical function, allowing remote attackers to bypass authentication and access application functions. Root cause / details: Described ...
CVE-2025-48782
Soar Cloud HRD Human Resource Management System (Soar Cloud HRMS) is affected up to version 7.3.2025.0408. The vulnerability is an unrestricted upload of files with dangerous types in the upload file function, enabling remote command execution by a malicious file. The connected sources consistent...
CVE-2023-34357
Soar Cloud Ltd. HR Portal is affected by CVE-2023-34357 due to a weak password recovery mechanism: the password-reset link sent by email remains valid after a reset and past its expiration, enabling an attacker who can access the link (e.g., via browser history) to reuse it and change the passwor...