277 matches found
CVE-2026-13011 ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support <= 1.17.5 - Authenticated (HR Manager+) SQL Injection via 'orderby' Parameter
The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-14807
ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...
CVE-2026-57950
Summary (CVE-2026-57950): ruoyi-vue-pro before 2026.05 contains a broken access control in ErpSaleOrderController due to incorrect permission namespace enforcement. The controller applies the erp:sale-out namespace instead of the intended erp:sale-order namespace, allowing attackers with erp:sale...
EUVD-2026-35796
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
CVE-2026-44744 SQL Injection vulnerability in SAP S/4HANA
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
Microsoft Dynamics 365 安全漏洞
Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There are security vulnerabilities in...
SAP S/4HANA SQL注入漏洞
SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability, which stems from SQL injections in remote enabled module components, potentially allowing unauthorized database...
ERPNext 跨站脚本漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 16.16.0 of ERPNext contains a cross-site scripting vulnerability. This vulnerability arises from users with project record editing privileges being able to persist arbitrary...
CVE-2026-37712
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...
Apache OFBiz 授权问题漏洞
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 had vulnerabilities related to authorization issues, which stemmed from imprope...
FacturaScripts 信息泄露漏洞
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to version 2026 contained a vulnerability related to information leakage. This vulnerability stemmed from the Library module not clearing the EXIF/XMP/IPTC metadata...
EUVD-2026-30196
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...
Microsoft Dynamics 365 安全漏洞
Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There are security vulnerabilities in...
CVE-2026-8242
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...
CVE-2026-8218
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchasereturnsave. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the...
CVE-2026-8262
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...
CVE-2026-8256 Devs Palace ERP Online mr-save cross site scripting
A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...
PT-2026-39549
A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...
PT-2026-39548
A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add new customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...
CVE-2026-8254
Dev@ ERP Online (vulnerable up to 4.0.0) has a cross-site scripting flaw in the /inventory/sales_save endpoint. The issue arises from manipulation of that function, enabling remote exploitation with user interaction required for triggering. Public PoC/exploit appears to exist per sources; vendor ...