Lucene search
+L

5 matches found

OSV
OSV
added 2025/10/28 6:15 p.m.5 views

CVE-2025-60800

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request...

7.5CVSS5.7AI score0.00291EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/11 9:32 a.m.1 views

CVE-2025-8840 jshERP Endpoint deleteBatch improper authorization

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

5.5CVSS7.2AI score0.00429EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/11 9:32 a.m.14 views

CVE-2025-8840 jshERP Endpoint deleteBatch improper authorization

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

5.5CVSS0.00429EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/11 9:2 a.m.3 views

CVE-2025-8839 jshERP Endpoint addUser improper authorization

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...

6.5CVSS7.2AI score0.00328EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/11 9:2 a.m.15 views

CVE-2025-8839 jshERP Endpoint addUser improper authorization

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...

6.5CVSS0.00328EPSS
Exploits1References4
Rows per page
Query Builder