Every CVE whose affected-product data names Aenrich A+hrd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2025-12871 — CVSS 9.8 (critical): The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator…
CVE-2022-26676 — CVSS 9.8 (critical): aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute…
CVE-2022-39039 — CVSS 9.8 (critical): aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to…
CVE-2022-39041 — CVSS 9.8 (critical): aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this…
CVE-2022-39042 — CVSS 9.8 (critical): aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass…
CVE-2023-20852 — CVSS 9.8 (critical): aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote…
CVE-2023-20853 — CVSS 9.8 (critical): aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An…
CVE-2025-0585 — CVSS 9.8 (critical): The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL…
CVE-2025-12870 — CVSS 9.8 (critical): The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets…
CVE-2022-28741 — CVSS 8.1 (high): aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to…
CVE-2022-26675 — CVSS 7.5 (high): aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and…
CVE-2022-28740 — CVSS 7.5 (high): aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.
CVE-2022-28742 — CVSS 7.5 (high): aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate…
CVE-2022-39040 — CVSS 7.5 (high): aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to…
CVE-2025-0586 — CVSS 7.2 (high): The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification…
CVE-2025-0583 — CVSS 6.1 (medium): The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute…
CVE-2025-0584 — CVSS 5.3 (medium): The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this…
CVE-2024-3774 — CVSS 5.3 (medium): aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific…
CVE-2024-3775 — CVSS 5.3 (medium): aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows…
CVE-2025-12869 — CVSS 4.8 (medium): The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to…