Shodan
Vulnerabilities
Vulnerable Software
Aenrich:  >> A+hrd  >> 7.1  Security Vulnerabilities
CVE-2025-12869
The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-11-12
CVE-2025-12870
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-12
CVE-2025-12871
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-11-12
CVE-2025-0584
The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-20
CVE-2025-0585
The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-20
CVE-2025-0586
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.025
Published
2025-01-20
CVE-2025-0583
The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2025-01-20
CVE-2024-3775
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-04-15
CVE-2024-3774
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-04-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved