Lucene search
K

493 matches found

EUVD
EUVD
added 2026/05/13 9:11 p.m.9 views

EUVD-2026-30195

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:11 p.m.8 views

CVE-2026-44442 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 9:11 p.m.49 views

CVE-2026-44442

ERPNext (free/open source ERP) has a vulnerability in versions prior to 16.9.1 where certain endpoints did not enforce proper authorization, allowing users to modify data beyond their permitted role due to missing validation. The issue affects endpoints that perform data modification and is class...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40823

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.14.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker ...

8.8CVSS5.8AI score0.00266EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.23 views

PT-2026-40821

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 16.9.1 Description Certain endpoints in this open source Enterprise Resource Planning tool fail to enforce proper authorization checks, which allows users to modify data beyond the permissions assigned to their role...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40822

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.104.3 ERPNext versions prior to 16.12.0 Description An improper restriction of XML external entity XXE reference in the EDI Module allows an authenticated attacker to read files from the local file system, includin...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

ERPNext SQL注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.104.3 and 16.14.0 of ERPNext contained SQL injection vulnerabilities. These vulnerabilities stemmed from certain endpoints being vulnerable to SQL injection attacks...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

ERPNext SQL注入漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to ERPNext 16.9.0 contained a SQL injection vulnerability. This vulnerability stems from certain endpoints being vulnerable to SQL injection attacks, which may allow...

8.8CVSS5.8AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.102.0 and 16.11.0 of ERPNext contained security vulnerabilities. These vulnerabilities stemmed from certain endpoints failing to perform appropriate authorization...

6.5CVSS5.8AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

ERPNext 路径遍历漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.101.1 and 16.10.0 of ERPNext contained a path traversal vulnerability. This vulnerability stems from a path traversal vulnerability in endpoints, which could allow...

6.5CVSS5.9AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

ERPNext 代码问题漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to 15.104.3 and 16.12.0 contained code vulnerabilities. These vulnerabilities stemmed from improper restrictions on XML external entity references in the EDI...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to ERPNext 16.9.1 contained security vulnerabilities; these vulnerabilities stemmed from certain endpoints failing to perform appropriate authorization checks, allowing...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

ERPNext 代码问题漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.106.0 and 16.16.0 of ERPNext contained code vulnerabilities. These vulnerabilities stemmed from the ability for malicious users to send specially crafted requests t...

5CVSS5.9AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40819

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.101.1 ERPNext versions prior to 16.10.0 Description An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated adjacent attacker to read arbitrary files via an...

6.5CVSS5.9AI score0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40825

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.102.0 ERPNext versions prior to 16.11.0 Description Certain endpoints fail to enforce proper authorization checks, which allows users to modify data beyond the permissions assigned to their role. Recommendations...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40820

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.106.0 ERPNext versions prior to 16.16.0 Description A malicious user can send a crafted request to an endpoint, causing the server to make an HTTP call to a service chosen by the attacker. This is a Server-Side...

5CVSS5.8AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40824

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 16.9.0 Description Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker to extract sensitive information via...

8.8CVSS5.8AI score0.00307EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.11 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting XSS in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that are executed on the victim's browser when the template is applied...

6.1CVSS5.9AI score0.00175EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.7 views

CVE-2026-38431

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

9.8CVSS5.8AI score0.0039EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 6:33 p.m.8 views

EUVD-2026-27402

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection SSTI. An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered...

5.8AI score0.0039EPSS
Exploits1References2
Rows per page
Query Builder