Lucene search
K

22 matches found

EUVD
EUVD
added 2026/01/29 12:31 a.m.8 views

EUVD-2026-4847

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...

6.5CVSS5.7AI score0.00343EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5265

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal. It...

5.1CVSS5.5AI score0.00592EPSS
Exploits1References6
CVE
CVE
added 2026/01/28 11:2 p.m.23 views

CVE-2026-1549

CVE-2026-1549 affects jishenghua jshERP up to version 3.6. The vulnerability is a path traversal in PluginController’s uploadPluginConfigFile handling of the configFile argument, with potential remote exploitation. Public exploits exist. External notices (Red Hat, CIRCL, etc.) corroborate the iss...

5.3CVSS5.5AI score0.00467EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/01/28 10:15 p.m.7 views

CVE-2026-1546

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...

9.8CVSS0.00343EPSS
Exploits1References6
CVE
CVE
added 2026/01/28 10:2 p.m.19 views

CVE-2026-1546

CVE-2026-1546 affects jishenghua jshERP up to version 3.6. The vulnerability is an SQL injection in DepotItemMapperEx.getBillItemByParam (file /jshERP-boot/depotItem/importItemExcel) triggered by manipulating the barCodes parameter. It can be exploited remotely and has been publicly disclosed. Re...

9.8CVSS5.7AI score0.00343EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/26 12:42 a.m.13 views

CVE-2025-51745

An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...

9.8CVSS7.1AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 9:32 p.m.4 views

EUVD-2025-199651

An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...

6.5AI score0.00407EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/25 9:32 p.m.4 views

EUVD-2025-199642

An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...

6.5AI score0.00407EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/25 9:32 p.m.5 views

EUVD-2025-199650

An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

6.5AI score0.00407EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/25 9:32 p.m.7 views

EUVD-2025-199649

An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...

6.5AI score0.00407EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/25 9:32 p.m.5 views

EUVD-2025-199648

An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

6.5AI score0.00407EPSS
Exploits0References5
NVD
NVD
added 2025/11/25 9:15 p.m.5 views

CVE-2025-51745

An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...

9.8CVSS0.00407EPSS
Exploits0References4
OSV
OSV
added 2025/11/25 9:15 p.m.6 views

CVE-2025-51745

An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...

9.8CVSS7AI score
Exploits0References4
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.11 views

CVE-2025-51745

An issue was discovered in jishenghua JSHERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...

0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.10 views

PT-2025-48085

An issue was discovered in jishenghua JSH ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

7.1AI score0.00407EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.7 views

CVE-2025-51746

An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

6.7AI score0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.12 views

PT-2025-48083

An issue was discovered in jishenghua JSH ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

7.1AI score0.00407EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/25 12:0 a.m.5 views

CVE-2025-51743

An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...

6.7AI score0.00407EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/25 12:0 a.m.16 views

CVE-2025-51746

An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.7 views

PT-2025-48084

An issue was discovered in jishenghua JSH ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks...

7.1AI score0.00407EPSS
Exploits0References5
Rows per page
Query Builder