CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

EUVD-2026-35000

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00042EPSS

Exploits0References7

EUVD•added yesterday•6 views

EUVD-2026-34998

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...

5.5CVSS5.2AI score0.00051EPSS

Exploits0References7

NVD•added 2026/05/11 8:25 p.m.•9 views

CVE-2026-8320

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl lead...

5.8CVSS0.00046EPSS

Exploits0References5

OSV•added 2026/01/29 2:16 p.m.•3 views

CVE-2026-1588

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal. It...

5.1CVSS5.2AI score

Exploits0References5

ATTACKERKB•added 2026/01/28 10:2 p.m.•3 views

CVE-2026-1546

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...

6.5CVSS5.7AI score0.00024EPSS

Exploits1References6Affected Software1

Positive Technologies•added 2025/10/28 12:0 a.m.•4 views

PT-2025-44195

Name of the Vulnerable Software and Affected Versions jshERP versions prior to commit 90c411a Description An access control issue exists in the /jshERP-boot/user/info interface of jshERP. An attacker can obtain sensitive information by sending a specially crafted GET request to this interface. Th...

7.5CVSS6.5AI score0.00067EPSS

Exploits1References5

RedhatCVE•added 2025/10/25 12:42 a.m.•5 views

CVE-2025-60801

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution RCE vulnerability via the jsherp function...

8.2CVSS8.7AI score0.00312EPSS

Exploits1References1

NVD•added 2025/10/24 4:26 p.m.•2 views

CVE-2025-60801

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution RCE vulnerability via the jsherp function...

8.2CVSS0.00312EPSS

Exploits1References2

OSV•added 2025/10/24 4:26 p.m.•1 views

CVE-2025-60801

jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution RCE vulnerability via the jsherp function...

8.2CVSS6.4AI score

Exploits0References2

CVE•added 2025/10/24 12:0 a.m.•11 views

CVE-2025-60801

The CVE-2025-60801 entry concerns jshERP up to commit fbda24da, with an unauthenticated remote code execution (RCE) via the jsh_erp function. The vulnerability is exploitable over network without authentication, with CVSSv3.1 base metrics indicating high severity (8.2) and impacts to confidential...

8.2CVSS8.3AI score0.00312EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-24135