VYPR

a+HCM

by aEnrich

CVEs (2)

  • CVE-2026-6835MedApr 22, 2026
    risk 0.40cvss 6.1epss 0.00

    The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

  • CVE-2025-12872MedNov 12, 2025
    risk 0.35cvss 5.4epss 0.00

    The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.