EUVD-2026-24599

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2026-6833

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2026-6834

Technical details about CVE-2026-6834 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are detailed here; monitor for updates.

CVE-2026-6833

CVE-2026-6833 concerns the a+HRD product developed by aEnrich, described across multiple sources as a SQL Injection vulnerability. The issue affects the application’s ability to read database contents via arbitrary SQL commands when authenticated remotely. Official metrics indicate CVSS v3.1 base...

CVE-2025-12872

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

CVE-2025-12871

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges...

CVE-2025-12870

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges...

CVE-2025-12869

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVE-2025-0584

The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network...

CVE-2025-0585

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

PT-2025-3974 · Aenrich Technology · A+Hrd

Name of the Vulnerable Software and Affected Versions: a+HRD from aEnrich Technology affected versions not specified Description: The issue is a Reflected Cross-site Scripting vulnerability, which allows unauthenticated remote attackers to execute arbitrary JavaScript codes in the user's browser...

CVE-2024-3775

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...

CVE-2023-20852

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service...

aEnrich a+HRD 代码问题漏洞

aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich that stems from its a+HRD's insufficient filtering of specific URL parameters which allows an unauthenticated, remote attacker to send arbitrary HTTP requests to...

PT-2023-13671 · A+Hrd · A+Hrd

Name of the Vulnerable Software and Affected Versions: a+HRD affected versions not specified Description: The issue is related to inadequate filtering for a specific URL parameter in a+HRD, allowing an unauthenticated remote attacker to exploit this and send arbitrary HTTPs requests. This can lea...