| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | SAP_SE | SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | Medium | 5.8 | 2025-05-13 00:19:30 | Deep Dive |
| CVE-2025-4530 | feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal | feng_ha_ha | ssm-erp | Medium | 4.3 | 2025-05-11 05:00:06 | Deep Dive |
| CVE-2025-3020 | Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting | Wiesemann & Theis | ERP-Gateway 12x Digital Input, 6x Digital Relais | Medium | 5.4 | 2025-05-06 08:01:59 | Deep Dive |
| CVE-2025-4333 | feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload | feng_ha_ha | ssm-erp | Medium | 6.3 | 2025-05-06 08:00:06 | Deep Dive |
| CVE-2025-31411 | WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.12 - Arbitrary File Read/Deletion vulnerability | aribhour | Linet ERP-Woocommerce Integration | Medium | 5.9 | 2025-04-10 10:16:12 | Deep Dive |
| CVE-2025-30582 | WordPress DyaPress ERP/CRM plugin <= 18.0.2.0 - Local File Inclusion Vulnerability | aytechnet | DyaPress ERP/CRM | High | 8.1 | 2025-04-10 08:09:41 | Deep Dive |
| CVE-2025-30013 | Code Injection vulnerability in SAP ERP BW Business Content | SAP_SE | SAP ERP BW Business Content | Medium | 6.7 | 2025-04-08 07:14:08 | Deep Dive |
| CVE-2025-30896 | WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability | weDevs | WP ERP | Medium | 5.4 | 2025-03-27 10:55:48 | Deep Dive |
| CVE-2025-2712 | Yonyou UFIDA ERP-NC top.jsp cross site scripting | Yonyou | UFIDA ERP-NC | Medium | 4.3 | 2025-03-24 21:31:04 | Deep Dive |
| CVE-2025-2711 | Yonyou UFIDA ERP-NC systop.jsp cross site scripting | Yonyou | UFIDA ERP-NC | Medium | 4.3 | 2025-03-24 21:00:11 | Deep Dive |
| CVE-2025-2710 | Yonyou UFIDA ERP-NC menu.jsp cross site scripting | Yonyou | UFIDA ERP-NC | Medium | 4.3 | 2025-03-24 20:31:04 | Deep Dive |
| CVE-2025-2709 | Yonyou UFIDA ERP-NC login.jsp cross site scripting | Yonyou | UFIDA ERP-NC | Medium | 4.3 | 2025-03-24 20:00:11 | Deep Dive |
| CVE-2025-2706 | Digiwin ERP UploadAjaxAPI.ashx unrestricted upload | Digiwin | ERP | Medium | 6.3 | 2025-03-24 18:31:04 | Deep Dive |
| CVE-2025-2705 | Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload | Digiwin | ERP | High | 7.3 | 2025-03-24 16:00:08 | Deep Dive |
| CVE-2024-8774 | Privilege Escalation in SIMPLE.ERP | Simple SA | SIMPLE.ERP | - | - | 2025-03-24 12:34:44 | Deep Dive |
| CVE-2024-8773 | Protocol Downgrade in SIMPLE.ERP | Simple SA | SIMPLE.ERP | - | - | 2025-03-24 12:33:16 | Deep Dive |
| CVE-2025-2358 | Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Service.asmx sql injection | Shenzhen Mingyuan Cloud Technology | Mingyuan Real Estate ERP System | Medium | 6.3 | 2025-03-17 03:00:12 | Deep Dive |
| CVE-2024-12146 | SQLi in Finder Fire Safety's Finder ERP/CRM (New System) | Finder Fire Safety | Finder ERP/CRM (New System) | High | 7.5 | 2025-03-06 14:08:34 | Deep Dive |
| CVE-2024-12144 | SQLi in Finder Fire Safety's Finder ERP/CRM (Old System) | Finder Fire Safety | Finder ERP/CRM (Old System) | Critical | 9.8 | 2025-03-06 14:05:09 | Deep Dive |
| CVE-2025-1646 | Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload | Lumsoft | ERP | High | 7.3 | 2025-02-25 02:31:04 | Deep Dive |