Lucene search
+L

2685 matches found

Nuclei
Nuclei
added 10 hours ago35 views

St. Joe ERP system - SQL Injection

A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...

9.8CVSS6.2AI score0.02899EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago14 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS4.7AI score0.0079EPSS
Exploits1References1
Nuclei
Nuclei
added 10 hours ago16 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2711 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago15 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago13 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2709 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scriptin...

6.1CVSS4.7AI score0.00872EPSS
Exploits1References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-45133

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.2AI score0.00272EPSS
Exploits0References10
Cvelist
Cvelist
added yesterday28 views

CVE-2026-15349 ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce <= 1.17.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Company Location Creation via wp_ajax_erp-company-location AJAX Handler

The ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.17.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00272EPSS
Exploits0References10
CVE
CVE
added yesterday12 views

CVE-2026-15349

CVE-2026-15349 affects the ERP: Complete HR, Accounting & CRM Suite Built for WooCommerce (WordPress). The vulnerability is an authorization bypass in the wp_ajax_erp-company-location AJAX handler, allowing authenticated users with subscriber-level access and higher to create arbitrary company lo...

4.3CVSS6.2AI score0.00272EPSS
Exploits0References10
Nuclei
Nuclei
added 2 days ago146 views

Dolibarr ERP CMS `list.php` - SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. id: CVE-2024-5315 info: name: Dolibarr ERP CMS list.php - SQL Injection author: rootxharsh,iamnoooob,pdresearch severity: critical description: | Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0....

9.1CVSS7.1AI score0.32872EPSS
Exploits0References2
Patchstack
Patchstack
added 3 days ago6 views

WordPress WP ERP plugin <= 1.17.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by K. Sorrachat in WordPress Plugin WP ERP versions = 1.17.5...

5.3AI score
Exploits0Affected Software1
NVD
NVD
added 2026/07/09 8:16 a.m.5 views

CVE-2026-13011

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 7:55 a.m.7 views

EUVD-2026-42539

The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.17.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:9 a.m.6 views

CVE-2026-14807

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 7:9 a.m.7 views

EUVD-2026-41816

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 7:9 a.m.23 views

CVE-2026-14807

The CVE-2026-14807 entry concerns PROG MIS’s ERP App with a Use of Hard-coded Credentials vulnerability. The connected documentation confirms unauthenticated remote access that could log in and reveal application code, enabling retrieval of the database account and password. Reported CVSS metrics...

9.8CVSS6.1AI score0.00463EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 7:9 a.m.38 views

CVE-2026-14807 PROG MIS|ERP App - Use of Hard-coded Credentials

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...

9.8CVSS0.00463EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:20 p.m.7 views

CVE-2026-57950

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS5.8AI score0.00294EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.11 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Apache OFBiz 授权问题漏洞

Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.07 had an authorization vulnerability; this vulnerability stemmed from an issue wi...

8.8CVSS5.3AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 2:30 a.m.8 views

CVE-2026-11619 Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References6
Rows per page
Query Builder