| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-10609 | Hardcoded Credentials in Logo Software's TigerWings ERP | Logo Software Inc. | TigerWings ERP | Medium | 5.9 | 2025-10-03 12:02:41 | Deep Dive |
| CVE-2024-13150 | SQLi in Fayton Software's fayton.pro ERP | Fayton Software and Consulting Services | fayton.pro ERP | Critical | 9.8 | 2025-09-29 12:59:49 | Deep Dive |
| CVE-2025-11140 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference | Bjskzy | Zhiyou ERP | High | 7.3 | 2025-09-29 04:02:05 | Deep Dive |
| CVE-2025-11139 | Bjskzy Zhiyou ERP com.artery.form.services.FormStudioUpdater uploadStudioFile path traversal | Bjskzy | Zhiyou ERP | Medium | 6.3 | 2025-09-29 03:32:06 | Deep Dive |
| CVE-2024-12796 | Reflected XSS in Holistic IT, Consultancy Coop.'s Workcube ERP | Holistic IT, Consultancy Coop. | Workcube ERP | Medium | 5.3 | 2025-09-16 13:37:44 | Deep Dive |
| CVE-2025-9619 | E4 Sistemas Mercatus ERP id resource injection | E4 Sistemas | Mercatus ERP | Medium | 5.3 | 2025-08-29 04:02:06 | Deep Dive |
| CVE-2024-13979 | St. Joe ERP System SingleRowQueryConverter SQL Injection | Hangzhou Shengqiao Technology Co. Ltd. | St. Joe ERP System ("圣乔ERP系统") | - | - | 2025-08-27 21:27:16 | Deep Dive |
| CVE-2025-9391 | Bjskzy Zhiyou ERP com.artery.workflow.ServiceImpl getFieldValue sql injection | Bjskzy | Zhiyou ERP | Medium | 6.3 | 2025-08-24 14:32:10 | Deep Dive |
| CVE-2025-52800 | WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability | Unity Business Technology Pty Ltd | The E-Commerce ERP | High | 7.3 | 2025-08-14 10:33:58 | Deep Dive |
| CVE-2012-10059 | Dolibarr ERP/CRM Post-Auth OS Command Injection | Dolibarr Project | ERP/CRM | - | - | 2025-08-13 20:33:51 | Deep Dive |
| CVE-2025-55077 | Tyler Technologies ERP Pro 9 SaaS application escape | Tyler Technologies | ERP Pro 9 SaaS | High | 7.4 | 2025-08-07 18:37:33 | Deep Dive |
| CVE-2025-52836 | WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability | Unity Business Technology Pty Ltd | The E-Commerce ERP | Critical | 9.8 | 2025-07-16 11:27:53 | Deep Dive |
| CVE-2024-11739 | SQLi in Case Informatics' Case ERP | Case Informatics | Case ERP | Critical | 9.8 | 2025-06-27 15:41:19 | Deep Dive |
| CVE-2025-49987 | WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability | WPFactory | CRM ERP Business Solution | Medium | 5.3 | 2025-06-20 15:04:10 | Deep Dive |
| CVE-2025-4738 | Authenticated SQLi in Yirmibes Software's MY ERP | Yirmibes Software | MY ERP | Critical | 9.8 | 2025-06-19 12:45:41 | Deep Dive |
| CVE-2025-4631 | Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint | unitybusinesstechnology | The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis | Critical | 9.8 | 2025-05-31 06:40:58 | Deep Dive |
| CVE-2025-4863 | Advaya Softech GEMS ERP Portal studentLogin.action sql injection | Advaya Softech | GEMS ERP Portal | Medium | 6.3 | 2025-05-18 06:31:04 | Deep Dive |
| CVE-2025-4768 | feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload | feng_ha_ha | ssm-erp | Medium | 6.3 | 2025-05-16 10:00:07 | Deep Dive |
| CVE-2024-12812 | WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information | Unknown | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | - | - | 2025-05-15 20:06:58 | Deep Dive |
| CVE-2024-12808 | WP ERP \| Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS | Unknown | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | - | - | 2025-05-15 20:06:57 | Deep Dive |