orangehrm — Vulnerabilities & Security Advisories (10)

Browse all 10 CVE security advisories affecting orangehrm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by orangehrm: orangehrm

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39349 | OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure — orangehrm | CWE-326 | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39348 | OrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy Attachments — orangehrm | CWE-862 | 6.5 | - | 2026-04-07 |
| CVE-2026-39347 | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion — orangehrm | CWE-285 | 5.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39346 | OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding — orangehrm | CWE-284 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-39345 | OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader — orangehrm | CWE-22 | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2025-66291 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments — orangehrm | CWE-285 | 6.5 | - | 2025-11-29 |
| CVE-2025-66290 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments — orangehrm | CWE-285 | 6.5 | - | 2025-11-29 |
| CVE-2025-66289 | OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change — orangehrm | CWE-613 | 8.8 | - | 2025-11-29 |
| CVE-2025-66225 | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow — orangehrm | CWE-20 | 9.8 | - | 2025-11-29 |
| CVE-2025-66224 | OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection — orangehrm | CWE-94 | 8.1 | - | 2025-11-29 |

This page lists every published CVE security advisory associated with orangehrm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.