VYPR
Vendor

aEnrich

Products
4
CVEs
24
Across products
27
Status
Private

Products

4

Recent CVEs

24
View all 24 CVEs →
  • CVE-2023-20853CriApr 27, 2023
    risk 0.64cvss 9.8epss 0.01

    aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or…

  • CVE-2023-20852CriApr 27, 2023
    risk 0.64cvss 9.8epss 0.01

    aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.

  • CVE-2022-39042CriJan 3, 2023
    risk 0.64cvss 9.8epss 0.01

    aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.

  • CVE-2022-39041CriJan 3, 2023
    risk 0.64cvss 9.8epss 0.01

    aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.

  • CVE-2022-39039CriJan 3, 2023
    risk 0.64cvss 9.8epss 0.01

    aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.

  • CVE-2022-26676CriApr 7, 2022
    risk 0.64cvss 9.8epss 0.01

    aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.

  • CVE-2022-28741HigSep 9, 2022
    risk 0.53cvss 8.1epss 0.01

    aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x

  • CVE-2022-39040HigJan 3, 2023
    risk 0.49cvss 7.5epss 0.02

    aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

  • CVE-2022-28742HigSep 9, 2022
    risk 0.49cvss 7.5epss 0.01

    aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in…

  • CVE-2022-28740HigSep 9, 2022
    risk 0.49cvss 7.5epss 0.01

    aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.

  • CVE-2022-26675HigApr 7, 2022
    risk 0.49cvss 7.5epss 0.02

    aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.

  • CVE-2026-6834MedApr 22, 2026
    risk 0.42cvss 6.5epss 0.00

    The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.

  • CVE-2026-6833MedApr 22, 2026
    risk 0.42cvss 6.5epss 0.00

    The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

  • CVE-2026-6835MedApr 22, 2026
    risk 0.40cvss 6.1epss 0.00

    The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

  • CVE-2025-12872MedNov 12, 2025
    risk 0.35cvss 5.4epss 0.00

    The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.

  • CVE-2025-12871Nov 12, 2025
    risk 0.00cvss epss 0.01

    The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

  • CVE-2025-12870Nov 12, 2025
    risk 0.00cvss epss 0.01

    The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

  • CVE-2025-12869Nov 12, 2025
    risk 0.00cvss epss 0.00

    The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.

  • CVE-2025-0586Jan 20, 2025
    risk 0.00cvss epss 0.01

    The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.

  • CVE-2025-0585Jan 20, 2025
    risk 0.00cvss epss 0.01

    The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.