12 matches found
CVE-2026-8254
A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/salessave. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the...
CVE-2026-8220
A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted ear...
ABC ERP Cross-Site Request Forgery Vulnerability
ABC ERP is an enterprise resource planning system developed by ABC ERP Corporation. Version 0.6.4 of ABC ERP contains a cross-site request forgery vulnerability. This vulnerability stems from the configurarperfil.php file, which allows for cross-site request forgery, potentially enabling...
CVE-2025-51742
An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...
PT-2025-48081
An issue was discovered in jishenghua JSH ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...
Bjskzy Zhiyou ERP Code Issue Vulnerability
Bjskzy Zhiyou ERP is enterprise resource planning software from Bjskzy of Beijing, China. A code issue vulnerability exists in Bjskzy Zhiyou ERP version 11.0 and prior versions, which stems from the incorrect manipulation of the parameter contentString of the function openForm in the component...
Bjskzy Zhiyou ERP Security Vulnerability
Bjskzy Zhiyou ERP is enterprise resource planning software from Beijing, China-based Bjskzy. A security vulnerability exists in Bjskzy Zhiyou ERP version 11.0 and earlier, which originates from SQL injection due to incorrect manipulation of the parameter sql in the...
CVE-2024-11739
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1...
Zucchetti Ad Hoc Infinity Security Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4 that originates from a local file inclusion in /servlet/Report and could lead to remote code execution...
Matrix Tafnit Cross-Site Scripting Vulnerability
Matrix Tafnit is an enterprise resource planning solution from Matrix. A cross-site scripting vulnerability exists in Matrix Tafnit version v8, which stems from improper input neutralization during web page generation and is susceptible to cross-site scripting attacks...
CVE-2024-21747 WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CR...
PT-2023-31597 · Grupo Embras · Geosiap Erp
Name of the Vulnerable Software and Affected Versions: Grupo Embras GEOSIAP ERP version 2.2.167.02 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the codLogin parameter on the login page. Recommendations: For version 2.2.167.02, conside...