EUVD-2025-25426

Malicious code in bioql PyPI...

EUVD-2025-25417

Malicious code in bioql PyPI...

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

jshERP 安全漏洞

jshERP Huaxia ERP is a homegrown ERP system by the individual developer of Ji Sheng Hua in China. A security vulnerability exists in jshERP v3.5, which stems from improper access control in the SupplierController.java component and could lead to modification of the supplier status...

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55367

CVE-2025-55367 affects jshERP v3.5 due to an incorrect access-control flaw in the SupplierController.java component. This vulnerability permits unauthorized attackers to arbitrarily modify the supplier status under any account. Documents consistently describe the issue and target component, but d...

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55368

CVE-2025-55368 affects jshERP v3.5 in the controller\RoleController.java, where an incorrect access control allows unauthorized attackers to arbitrarily modify the supplier status under any account. Multiple sources (RH, NVD, OSV, CNNVD, CVE list, PT Security) confirm the same description and ver...

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...

PT-2025-34219 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the controllerSupplierController.java component of jshERP version 3.5. This allows unauthorized attackers to arbitrarily modify the supplier status. Recommendations:...

PT-2025-34221 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.5 Description: An incorrect access control issue exists in the controllerRoleController.java component of jshERP version 3.5. This allows unauthorized attackers to arbitrarily modify the supplier status under any account...