Aenrich Technology A+Hrd vulnerabilities
6 known vulnerabilities affecting aenrich_technology/a+hrd.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-0585P2CRITICALCVSS 9.8≤ 7.52025-01-20
CVE-2025-0585 [CRITICAL] CWE-89 CVE-2025-0585: The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote
The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2025-0586P3HIGHCVSS 7.2≤ 7.52025-01-20
CVE-2025-0586 [HIGH] CWE-502 CVE-2025-0586: The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote att
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.
nvd
CVE-2024-3775P3HIGHCVSS 7.5v6.8v7.0+2 more2024-04-15
CVE-2024-3775 [HIGH] CWE-88 CVE-2024-3775: aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properl
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
nvd
CVE-2025-0584P4MEDIUMCVSS 5.3≤ 7.52025-01-20
CVE-2025-0584 [MEDIUM] CWE-918 CVE-2025-0584: The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.
nvd
CVE-2024-3774P4MEDIUMCVSS 5.3v6.8≥ 7.0, ≤ 7.22024-04-15
CVE-2024-3774 [MEDIUM] CWE-306 CVE-2024-3774: aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lack
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
nvd
CVE-2025-0583P4MEDIUMCVSS 6.1≤ 7.52025-01-20
CVE-2025-0583 [MEDIUM] CWE-79 CVE-2025-0583: The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unaut
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
nvd