CVE-2025-9339 SQL Injection in SIMPLE.ERP

SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows to delete tables with a name of maximum 6...

EUVD-2025-7986

Malicious code in bioql PyPI...

EUVD-2025-7989

Malicious code in bioql PyPI...

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

CVE-2024-8774

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...

CVE-2024-8774

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVE-2024-8774

The CVE-2024-8774 issue affects the SIMPLE.ERP client (versions 6.20–6.30). The root cause is storing the superuser password in a recoverable format, enabling any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. Impact characteristics in the CVSS vector indicate h...

CVE-2024-8774 Privilege Escalation in SIMPLE.ERP

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVE-2024-8773

The CVE-2024-8773 issue affects SIMPLE.ERP clients (versions 6.20–6.30). A server-side MS SQL protocol downgrade can force unencrypted communication, enabling data interception and modification. Only version 6.30 received a patch ([email protected]) to enforce encryption. Versions 6.20 and 6.25 remain u...

CVE-2024-8773 Protocol Downgrade in SIMPLE.ERP

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which make ...