
10 matches found

Cvelist
added 2026/04/22 3:32 a.m., 27 views

CVE-2026-6833 aEnrich|a+HRD - SQL Injection

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1 CVSS, 0.00045 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/11/12 7:47 a.m., 2 views

CVE-2025-12872 aEnrich|eHRD - Stored Cross-Site Scripting

The a+HRD and a+HCM developed by aEnrich have a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

5.4 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits 0, References 2
CVE
added 2025/11/12 7:47 a.m., 5 views

CVE-2025-12872

The CVE-2025-12872 entry describes a Stored Cross-Site Scripting vulnerability in aEnrich’s a+HRD and a+HCM (Red Hat/other linked advisories confirm these products). The vulnerability arises from stored XSS where an authenticated remote attacker can upload files containing malicious JavaScript cod...

5.4 CVSS, 5.7 AI score, 0.00032 EPSS
Exploits 0, References 2
Cvelist
added 2025/11/12 7:38 a.m., 6 views

CVE-2025-12871 aEnrich|a+HRD - Authentication Abuse

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges...

9.8 CVSS, 0.00232 EPSS
Exploits 0, References 2
CVE
added 2025/11/12 7:35 a.m., 13 views

CVE-2025-12870

The CVE-2025-12870 entry concerns the a+HRD product from aEnrich. The vulnerability is described as an Authentication Abuse issue whereby unauthenticated remote attackers can craft packets to obtain administrator access tokens and then operate with elevated privileges on the system. The reported ...

9.8 CVSS, 6.7 AI score, 0.00145 EPSS
Exploits 0, References 3, Affected Software 1
CVE
added 2025/11/12 7:30 a.m., 6 views

CVE-2025-12869

CVE-2025-12869 affects the a+HRD product by aEnrich. The issue is a Stored Cross-Site Scripting vulnerability that allows remote attackers with administrator privileges to inject persistent JavaScript executed in users’ browsers on page load. Documents consistently describe this as stored XSS in ...

4.8 CVSS, 5.5 AI score, 0.0003 EPSS
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2025/05/22 10:41 p.m., 12 views

CVE-2022-28741

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x...

8.1 CVSS, 6.7 AI score, 0.00579 EPSS
Exploits 0, References 1
OSV
added 2023/01/03 3:15 a.m., 0 views

CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for a specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

9.8 CVSS, 6 AI score
Exploits 0, References 1
OSV
added 2023/01/03 3:15 a.m., 2 views

CVE-2022-39040

The aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5 CVSS, 5.9 AI score
Exploits 0, References 1
OSV
added 2023/01/03 3:15 a.m., 1 views

CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for a specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send an arbitrary HTTPs request to launch a Server-Side Request Forgery (SSRF) attack, to perform arbitrary system commands or disrupt service...

9.8 CVSS, 5.9 AI score
Exploits 0, References 1