Aenrich

A+hrd

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-12872

  • EPSS 0.04%
  • Veröffentlicht 12.11.2025 07:47:11
  • Zuletzt bearbeitet 12.11.2025 16:19:12

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into ...

9.8

CVE-2025-12871

Medienbericht
  • EPSS 0.34%
  • Veröffentlicht 12.11.2025 07:38:30
  • Zuletzt bearbeitet 18.11.2025 18:28:18

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

9.8

CVE-2025-12870

Medienbericht
  • EPSS 0.21%
  • Veröffentlicht 12.11.2025 07:35:43
  • Zuletzt bearbeitet 18.11.2025 19:31:34

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

4.8

CVE-2025-12869

  • EPSS 0.04%
  • Veröffentlicht 12.11.2025 07:30:18
  • Zuletzt bearbeitet 18.11.2025 19:30:29

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.

7.2

CVE-2025-0586

  • EPSS 2.53%
  • Veröffentlicht 20.01.2025 03:15:09
  • Zuletzt bearbeitet 17.11.2025 19:11:46

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.

9.8

CVE-2025-0585

  • EPSS 0.12%
  • Veröffentlicht 20.01.2025 03:15:09
  • Zuletzt bearbeitet 17.11.2025 19:13:22

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

5.3

CVE-2025-0584

  • EPSS 0.03%
  • Veröffentlicht 20.01.2025 03:15:09
  • Zuletzt bearbeitet 17.11.2025 19:14:15

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.

6.1

CVE-2025-0583

  • EPSS 0.03%
  • Veröffentlicht 20.01.2025 02:15:19
  • Zuletzt bearbeitet 17.11.2025 19:15:59

The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

7.5

CVE-2024-3775

  • EPSS 0.09%
  • Veröffentlicht 15.04.2024 04:15:16
  • Zuletzt bearbeitet 08.04.2025 16:30:51

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.

5.3

CVE-2024-3774

  • EPSS 0.07%
  • Veröffentlicht 15.04.2024 03:16:08
  • Zuletzt bearbeitet 17.11.2025 18:53:09

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.