| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39349 | OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure | orangehrm | orangehrm | - | - | 2026-04-07 18:22:38 | Deep Dive |
| CVE-2026-39348 | OrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy Attachments | orangehrm | orangehrm | Medium | - | 2026-04-07 18:21:30 | Deep Dive |
| CVE-2026-39347 | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion | orangehrm | orangehrm | - | - | 2026-04-07 18:20:36 | Deep Dive |
| CVE-2026-39346 | OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding | orangehrm | orangehrm | - | - | 2026-04-07 18:19:24 | Deep Dive |
| CVE-2026-39345 | OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader | orangehrm | orangehrm | - | - | 2026-04-07 18:17:35 | Deep Dive |
| CVE-2025-66291 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments | orangehrm | orangehrm | Medium | - | 2025-11-29 03:08:01 | Deep Dive |
| CVE-2025-66290 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments | orangehrm | orangehrm | Medium | - | 2025-11-29 03:06:56 | Deep Dive |
| CVE-2025-66289 | OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change | orangehrm | orangehrm | Medium | - | 2025-11-29 03:06:26 | Deep Dive |
| CVE-2025-66225 | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow | orangehrm | orangehrm | Medium | - | 2025-11-29 03:05:46 | Deep Dive |
| CVE-2025-66224 | OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection | orangehrm | orangehrm | Medium | - | 2025-11-29 03:04:42 | Deep Dive |