Lucene search
K

493 matches found

RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.8 views

CVE-2026-44447

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS5.9AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.11 views

CVE-2026-44442

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.17 views

CVE-2026-44440

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...

6.5CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.16 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

6.5CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.34 views

CVE-2026-44447

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.16 views

CVE-2026-44448

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

6.5CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.19 views

CVE-2026-44441

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...

5CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.11 views

CVE-2026-44442

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.16 views

CVE-2026-44446

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...

8.8CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 9:20 p.m.46 views

CVE-2026-44448 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:20 p.m.8 views

CVE-2026-44448 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:20 p.m.7 views

CVE-2026-44448

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/13 9:20 p.m.12 views

EUVD-2026-30199

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 9:20 p.m.38 views

CVE-2026-44448

CVE-2026-44448 affects ERPNext prior to versions 15.102.0 and 16.11.0, where certain endpoints did not enforce proper authorization, allowing users to modify data beyond their permitted role. The root cause is missing validation on those endpoints, leading to unauthorised document modification. T...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 9:19 p.m.50 views

CVE-2026-44447 ERPNext: Possibility of SQL Injection due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS0.00307EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:19 p.m.8 views

CVE-2026-44447

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS5.9AI score0.00307EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/13 9:19 p.m.18 views

EUVD-2026-30198

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS5.9AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 9:19 p.m.31 views

CVE-2026-44447

ERPNext is affected by a SQL injection vulnerability in endpoints prior to version 16.9.0 that could allow a malicious actor to extract sensitive information through specially crafted requests. The issue has been fixed in version 16.9.0. Remediation: upgrade to 16.9.0 or newer. The available conn...

8.8CVSS5.9AI score0.00307EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 9:19 p.m.8 views

CVE-2026-44447 ERPNext: Possibility of SQL Injection due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS5.9AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 9:18 p.m.32 views

CVE-2026-44446

CVE-2026-44446 affects ERPNext (open-source ERP) with SQL injection in certain endpoints prior to versions 15.104.3 and 16.14.0. The root cause is insufficient input validation in the affected endpoints, enabling an attacker to craft requests that reveal sensitive information. The vulnerability i...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder