VYPR
Vendor

Soar Cloud System Co., Ltd.

Products
2
CVEs
12
Across products
12
Status
Private

Products

2

Recent CVEs

12
  • CVE-2024-5995HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.00

    The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.

  • CVE-2025-48784Jun 6, 2025
    risk 0.00cvss epss 0.00

    A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.

  • CVE-2025-48783Jun 6, 2025
    risk 0.00cvss epss 0.00

    An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.

  • CVE-2025-48782Jun 6, 2025
    risk 0.00cvss epss 0.00

    An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

  • CVE-2025-48781Jun 6, 2025
    risk 0.00cvss epss 0.00

    An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

  • CVE-2025-48780Jun 6, 2025
    risk 0.00cvss epss 0.00

    A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

  • CVE-2025-5192Jun 6, 2025
    risk 0.00cvss epss 0.00

    A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.

  • CVE-2023-34357Sep 7, 2023
    risk 0.00cvss epss 0.00

    Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the…

  • CVE-2021-22855Feb 17, 2021
    risk 0.00cvss epss 0.02

    The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

  • CVE-2021-22854Feb 17, 2021
    risk 0.00cvss epss 0.02

    The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

  • CVE-2021-22853Feb 17, 2021
    risk 0.00cvss epss 0.01

    The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.

  • CVE-2019-10257Jun 19, 2019
    risk 0.00cvss epss 0.02

    Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the…