Aenrich A+hrd
14 CVEs affecting Aenrich A+hrd. Latest disclosed: 2026-04-22. Critical: 8, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-12871 | Critical | 9.8 | 2025-11-12 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and us… |
| CVE-2025-12870 | Critical | 9.8 | 2025-11-12 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administr… |
| CVE-2023-20853 | Critical | 9.8 | 2023-04-27 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote atta… |
| CVE-2023-20852 | Critical | 9.8 | 2023-04-27 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit t… |
| CVE-2022-39042 | Critical | 9.8 | 2023-01-03 | aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access… |
| CVE-2022-39041 | Critical | 9.8 | 2023-01-03 | aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject ar… |
| CVE-2022-39039 | Critical | 9.8 | 2023-01-03 | aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s… |
| CVE-2022-26676 | Critical | 9.8 | 2022-04-07 | aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to con… |
| CVE-2022-39040 | High | 7.5 | 2023-01-03 | aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication… |
| CVE-2022-26675 | High | 7.5 | 2022-04-07 | aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal… |
| CVE-2026-6834 | Medium | 6.5 | 2026-04-22 | The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through… |
| CVE-2026-6833 | Medium | 6.5 | 2026-04-22 | The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database con… |
| CVE-2025-12872 | Medium | 5.4 | 2025-11-12 | The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing ma… |
| CVE-2025-12869 | Medium | 4.8 | 2025-11-12 | The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent Ja… |