46 matches found

Nuclei
added yesterday | 10 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...

CVSS 6.1 | AI score 5.8 | EPSS 0.00835
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/20 4:30 a.m. | 1 view

CVE-2026-32954

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

CVSS 7.1 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/03/13 7:54 p.m. | 4 views

CVE-2026-31917

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through = 1.16.10...

CVSS 8.5 | EPSS 0.00308
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/22 1:18 p.m. | 6 views

CVE-2019-25446

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these...

CVSS 8.8 | AI score 6 | EPSS 0.00232
Exploits: 0 | References: 2

CNVD
added 2026/02/03 12:00 a.m. | 3 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69427)

U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

AI score 5.8
Exploits: 0

RedhatCVE
added 2026/01/07 9:51 a.m. | 4 views

CVE-2013-6284

Unspecified vulnerability in the Statutory Reporting for Insurance (FSSR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."...

CVSS 7.5 | AI score 8.2 | EPSS 0.01995
Exploits: 0 | References: 1

Cvelist
added 2025/11/25 12:00 a.m. | 10 views

CVE-2025-51746

An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

EPSS 0.00407
Exploits: 0 | References: 4

Cvelist
added 2025/11/14 3:02 p.m. | 11 views

CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection

A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVSS 6.5 | EPSS 0.00321
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-16364

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01904
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-27349

Malware in sbrugna...

CVSS 5.5 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 0 views

EUVD-2025-3048

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.0024
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2024-48864

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.6 | EPSS 0.00421
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-24409

Malicious code in bioql PyPI...

CVSS 9 | AI score 8.6 | EPSS 0.0276
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-2079

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.01114
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-16402

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 8.5 | EPSS 0.00542
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/30 4:48 a.m. | 15 views

CVE-2025-11140

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00562
Exploits: 1 | References: 1

Cvelist
added 2025/06/27 3:41 p.m. | 9 views

CVE-2024-11739 SQLi in Case Informatics' Case ERP

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1...

CVSS 9.8 | EPSS 0.00351
Exploits: 0 | References: 2

CNVD
added 2025/06/25 12:00 a.m. | 1 view

SQL Injection Vulnerability in UFIDA U8Cloud of UFIDA Network Technology Co. Ltd (CNVD-2025-17961)

UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A SQL injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.7
Exploits: 0

RedhatCVE
added 2025/05/23 10:29 a.m. | 8 views

CVE-2024-42563

An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file...

CVSS 9.8 | AI score 7.7 | EPSS 0.00826
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 9:33 a.m. | 9 views

CVE-2024-0490

A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

CVSS 7.5 | AI score 7.4 | EPSS 0.00739
Exploits: 0 | References: 1