Lucene search
+L

14 matches found

Vulnrichment
Vulnrichment
added 2026/04/22 3:36 a.m.5 views

CVE-2026-6834 aEnrich|a+HRD - Missing Authorization

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1CVSS5.8AI score0.00259EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.5 views

aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A security vulnerability exists in aEnrich a+HRD that stems from authentication abuse and could allow an unauthenticated remote attacker to send specially crafted packets to obtain administrator access...

9.8CVSS7AI score0.0063EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.7 views

PT-2025-46573

Name of the Vulnerable Software and Affected Versions aEnrich a+HRD affected versions not specified Description The a+HRD software contains an authentication issue that allows unauthenticated remote attackers to create administrator access tokens. These tokens can then be used to gain access to t...

9.8CVSS7AI score0.00589EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/01/20 12:0 a.m.6 views

aEnrich a+HRD 代码问题漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A code issue vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which stems from the presence of an insecure deserialization vulnerability that allows attackers to execute arbitrary code...

7.2CVSS7.5AI score0.00713EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/20 12:0 a.m.6 views

aEnrich a+HRD SQL注入漏洞

aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...

9.8CVSS8.2AI score0.00712EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.7 views

aEnrich a+HRD 参数注入漏洞

aEnrich a+HRD is an all-around human resource development solution from Acer China aEnrich. A parameter injection vulnerability exists in aEnrich a+HRD version 6.8, 7.0, 7.1, 7.2. The vulnerability stems from the file download function of youtube-dl.exe not properly restricting the user input,...

7.5CVSS7.3AI score0.00408EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

aEnrich a+HRD 信息泄露漏洞

aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. An information disclosure vulnerability exists in aEnrich a+HRD version 6.8, 7.0, 7.1, 7.2. The vulnerability stems from the lack of restriction on specific parameters, which leads to an information...

5.3CVSS6.2AI score0.00357EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/27 12:0 a.m.5 views

aEnrich a+HRD 代码问题漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. A code issue vulnerability exists in aEnrich Technology a+HRD, which stems from a deserialization vulnerability in the presence of untrusted data. An unauthenticated, remote attacker could use this...

9.8CVSS9AI score0.00986EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/03 12:0 a.m.6 views

CVE-2022-39040 aEnrich a+HRD - Path Traversal

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5CVSS7.4AI score0.01734EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 12:0 a.m.33 views

CVE-2022-39039 aEnrich a+HRD - Server-Side Request Forgery (SSRF)

aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPs request to launch Server-Side Request Forgery SSRF attack, to perform arbitrary system command or disrupt service...

9.8CVSS9.9AI score0.01022EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/03 12:0 a.m.25 views

CVE-2022-39040 aEnrich a+HRD - Path Traversal

aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5CVSS7.9AI score0.01734EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.6 views

PT-2023-13674 · Unknown · Aenrich A+Hrd

Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD affected versions not specified Description: The issue is related to insufficient user input validation for a specific API parameter, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This can lead to...

9.8CVSS9.4AI score0.01235EPSS
Exploits0References3
OSV
OSV
added 2022/04/07 7:15 p.m.3 views

CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

9.8CVSS5.9AI score0.01308EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.5 views

aEnrich a+HRD 安全漏洞

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. The aEnrich a+HRD has a security vulnerability that allows an unauthenticated, remote attacker to control the system or disrupt services by uploading and executing malicious scripts using API functions...

9.8CVSS8.3AI score0.01308EPSS
Exploits0References2
Rows per page
Query Builder