VYPR
Vendor

ORCA

Products
5
CVEs
5
Across products
5
Status
Private

Products

5

Recent CVEs

5
  • CVE-2018-0643MedSep 7, 2018
    risk 0.43cvss 6.6epss 0.01

    Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

  • CVE-2026-25599MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca…

  • CVE-2021-35967MedJul 19, 2021
    risk 0.35cvss 5.3epss 0.01

    The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.

  • CVE-2005-3940Dec 1, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter.

  • CVE-2005-3815Nov 26, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.