Filtered by vendor Aenrich
Subscriptions
Filtered by product A+hrd
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6833 | 1 Aenrich | 1 A+hrd | 2026-04-22 | 6.5 Medium |
| The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||||
| CVE-2026-6834 | 1 Aenrich | 1 A+hrd | 2026-04-22 | 6.5 Medium |
| The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method. | ||||
| CVE-2025-12872 | 1 Aenrich | 1 A+hrd | 2026-04-15 | 5.4 Medium |
| The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL. | ||||
| CVE-2025-12870 | 1 Aenrich | 2 A+hrd, A\+hrd | 2025-11-18 | 9.8 Critical |
| The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges. | ||||
| CVE-2025-12869 | 1 Aenrich | 2 A+hrd, A\+hrd | 2025-11-18 | 4.8 Medium |
| The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load. | ||||
| CVE-2025-12871 | 1 Aenrich | 2 A+hrd, A\+hrd | 2025-11-18 | 9.8 Critical |
| The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges. | ||||
Page 1 of 1.