Vulnerabilities in orangehrm
10 results

CVE-2025-66224 | CRITICAL | OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection | EPSS 0.5%
CVE-2026-39345 | MEDIUM | OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader | EPSS 0.3%
CVE-2025-66289 | HIGH | OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change | EPSS 0.2%
CVE-2026-39347 | MEDIUM | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion | EPSS 0.2%
CVE-2025-66291 | MEDIUM | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments | EPSS 0.2%
CVE-2025-66290 | MEDIUM | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments | EPSS 0.2%
CVE-2026-39348 | MEDIUM | OrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy Attachments | EPSS 0.2%
CVE-2026-39346 | MEDIUM | OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding | EPSS 0.2%
CVE-2025-66225 | HIGH | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow | EPSS 0.2%
CVE-2026-39349 | LOW | OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure | EPSS 0.1%