Approved changes feed: RSS · Atom
cpe:2.3:a:aenrich:a+hrd:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aenrich (bebdf35c-9222-5ffb-927c-024624a0ce65) |
|---|---|
| Product | A+Hrd (7fc4f999-2faf-5baa-8549-89929b9687a9) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6834 |
vulnerable | 2026-06-08 08:07:05.120596 |
aEnrich|a+HRD - Missing Authorization
MEDIUM (6.5)
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
Published: 2026-04-22T03:36:58.169Z
Updated: 2026-04-22T12:44:33.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-6833 |
vulnerable | 2026-06-08 08:07:05.120185 |
aEnrich|a+HRD - SQL Injection
MEDIUM (6.5)
The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Published: 2026-04-22T03:32:28.659Z
Updated: 2026-04-22T12:45:37.247Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-12872 |
vulnerable | 2026-06-08 07:04:31.116770 |
aEnrich|eHRD - Stored Cross-Site Scripting
MEDIUM (5.4)
The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.
Published: 2025-11-12T07:47:11.458Z
Updated: 2025-11-12T14:48:29.059Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-12871 |
vulnerable | 2026-06-08 07:04:31.116237 |
aEnrich|a+HRD - Authentication Abuse
CRITICAL (9.8)
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.
Published: 2025-11-12T07:38:30.394Z
Updated: 2025-11-12T17:01:46.367Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-12870 |
vulnerable | 2026-06-08 07:04:31.115669 |
aEnrich|eHRD - Authentication Abuse
CRITICAL (9.8)
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
Published: 2025-11-12T07:35:43.207Z
Updated: 2025-11-12T17:02:29.442Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-12869 |
vulnerable | 2026-06-08 07:04:31.113670 |
aEnrich|eHRD - Stored Cross-Site Scripting
MEDIUM (4.8)
The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.
Published: 2025-11-12T07:30:18.298Z
Updated: 2025-11-12T16:24:25.239Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-20853 |
vulnerable | 2026-06-08 05:54:17.920167 |
aEnrich a+HRD - Deserialization of Untrusted Data
CRITICAL (9.8)
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.
Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-30T21:16:25.951Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-20852 |
vulnerable | 2026-06-08 05:54:17.918300 |
aEnrich a+HRD - Deserialization of Untrusted Data
CRITICAL (9.8)
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.
Published: 2023-04-27T00:00:00.000Z
Updated: 2025-01-30T21:17:19.561Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39042 |
vulnerable | 2026-06-08 05:47:17.676416 |
aEnrich a+HRD - Improper Authentication
CRITICAL (9.8)
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:49:09.860Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39041 |
vulnerable | 2026-06-08 05:47:17.675945 |
aEnrich a+HRD - SQL Injection
CRITICAL (9.8)
aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:49:33.990Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39040 |
vulnerable | 2026-06-08 05:47:17.675445 |
aEnrich a+HRD - Path Traversal
HIGH (7.5)
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:32:10.602Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39039 |
vulnerable | 2026-06-08 05:47:17.672825 |
aEnrich a+HRD - Server-Side Request Forgery (SSRF)
CRITICAL (9.8)
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T15:34:48.454Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26676 |
vulnerable | 2026-06-08 05:41:52.802027 |
aEnrich a+HRD - Broken Access Control
CRITICAL (9.8)
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.
Published: 2022-04-07T18:22:44.359Z
Updated: 2024-09-16T17:24:17.624Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26675 |
vulnerable | 2026-06-08 05:41:52.800645 |
aEnrich a+HRD - Path Traversal
HIGH (7.5)
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.
Published: 2022-04-07T18:22:42.703Z
Updated: 2024-09-17T01:56:47.206Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.