Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

scshr

Source -

NVDADP

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

7
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2025-48784
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-8.8||HIGH
EPSS-0.30% / 54.04%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:28
Updated-04 Feb, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - Missing Authorization

A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-862
Missing Authorization
CVE-2025-48783
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-8.8||HIGH
EPSS-0.27% / 51.11%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:27
Updated-04 Feb, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - External Control of File Name or Path

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-48782
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.9||CRITICAL
EPSS-0.82% / 74.76%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:24
Updated-04 Feb, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-48781
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-8.7||HIGH
EPSS-0.31% / 54.40%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:21
Updated-04 Feb, 2026 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - External Control of File Name or Path

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-48780
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.9||CRITICAL
EPSS-1.26% / 79.78%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:19
Updated-04 Feb, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-5192
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-0.55% / 68.28%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 09:15
Updated-04 Feb, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.

Action-Not Available
Vendor-scshrSoar Cloud System CO., LTD.
Product-hr_portalHRD Human Resource Management System
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-5995
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.23% / 46.45%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 07:18
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud HR Portal - Insufficient Session Expiration

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.

Action-Not Available
Vendor-Soar Cloudscshr
Product-HR Portalhr_portal
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-34357
Assigner-TWCERT/CC
ShareView Details
Assigner-TWCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.12%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 02:00
Updated-26 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Soar Cloud Ltd. HR Portal - Weak Password Recovery Mechanism for Forgotten Password

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.

Action-Not Available
Vendor-scshrSoar Cloud Ltd.
Product-hr_portalHR Portal
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password