Learningdigital Orca Hcm — known CVE vulnerabilities
Every CVE whose affected-product data names Learningdigital Orca Hcm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-8584 — CVSS 9.8 (critical): Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this…
CVE-2021-35963 — CVSS 9.8 (critical): The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote…
CVE-2021-35965 — CVSS 9.8 (critical): The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the…
CVE-2025-1387 — CVSS 9.8 (critical): Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the…
CVE-2025-1389 — CVSS 8.8 (high): Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL…
CVE-2025-1388 — CVSS 8.8 (high): Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and…
CVE-2021-35964 — CVSS 7.3 (high): The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to…
CVE-2024-8585 — CVSS 6.5 (medium): Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote…
CVE-2021-35966 — CVSS 6.1 (medium): The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be…
CVE-2021-35967 — CVSS 5.3 (medium): The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the…
CVE-2021-35968 — CVSS 4.3 (medium): The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers…