CVE-2025-0586 – aEnrich Technology a+HRD - Insecure Deserialization
https://notcve.org/view.php?id=CVE-2025-0586
20 Jan 2025 — The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. • https://www.twcert.org.tw/en/cp-139-8375-59abd-2.html • CWE-502: Deserialization of Untrusted Data •
CVE-2025-0585 – aEnrich Technology a+HRD - SQL Injection
https://notcve.org/view.php?id=CVE-2025-0585
20 Jan 2025 — The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-8373-91edc-2.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2025-0584 – aEnrich Technology a+HRD - Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2025-0584
20 Jan 2025 — The a+HRD from aEnrich Technology has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe the internal network. • https://www.twcert.org.tw/en/cp-139-8371-1c17a-2.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2025-0583 – aEnrich Technology a+HRD - Reflected Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2025-0583
20 Jan 2025 — The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks. • https://www.twcert.org.tw/en/cp-139-8369-cf396-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-3775 – aEnrich Technology a+HRD - Argument Injection
https://notcve.org/view.php?id=CVE-2024-3775
15 Apr 2024 — aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files. • https://github.com/crumbledwall/CVE-2024-37759_PoC • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2024-3774 – aEnrich Technology a+HRD - Exposure of Sensitive Data
https://notcve.org/view.php?id=CVE-2024-3774
15 Apr 2024 — aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. • https://github.com/Eteblue/CVE-2024-37742 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-306: Missing Authentication for Critical Function • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •