8 matches found
EUVD-2025-25417
Malicious code in bioql PyPI...
CVE-2025-55367
Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...
CVE-2025-55368
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...
CVE-2025-55371
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method...
CVE-2025-55368
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...
CVE-2025-55366
CVE-2025-55366 affects jshERP v3.5; improper access control in the UserController.java component (controller\UserController.java) allows attackers to arbitrarily reset user passwords and perform horizontal privilege escalation. Affected software/version is jshERP 3.5; underlying cause is access c...
CVE-2025-55370
CVE-2025-55370 affects jshERP v3.5. The vulnerability arises from incorrect access control in the ResourceController.java component, allowing unauthorized attackers to modify an ID value to retrieve all related ID data. Root cause is improper access control in the controller code, with high sever...
CVE-2025-55371
Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method...