67 matches found
CVE-2026-9497
A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...
CVE-2025-51743
An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51744
An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51746
An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...
CVE-2025-51742
An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...
CVE-2025-51745
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199651
An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...
EUVD-2025-199642
An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...
EUVD-2025-199649
An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...
jshERP security vulnerability
jshERP (Huaxia ERP) is a homegrown ERP system by Ji Sheng Hua, an individual developer in China. A security vulnerability exists in jshERP version 2.3.1: the material/getMaterialEnableSerialNumberList endpoint passes search query parameters directly to parseObject, which could...