All 8 CVE vulnerabilities found in ERPNext, with AI-generated Chinese analysis, references, and POCs.
Vendor: Talos
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32954 | ERP has a possibility SQL Injection vulnerability due to missing validation CWE-89 | 7.1 | High | 2026-03-20 |
| CVE-2026-27471 | ERP: Document access through endpoints due to missing validation CWE-862 | 4.3 (AI) | Medium (AI) | 2026-02-21 |
| CVE-2025-58439 | ERP: Possibility of SQL injection due to missing validation CWE-89 | 8.1 | High | 2025-09-06 |
| CVE-2022-23056 | ERPNext - Stored XSS leads to account takeover CWE-79 | 5.4 | - | 2022-06-22 |
| CVE-2020-6145 | ERPNext SQL injection vulnerability CWE-89 | 8.8 | - | 2020-08-10 |
| CVE-2018-3883 | Frappe ERPNext SQL injection vulnerability | 8.8 | - | 2018-09-12 |
| CVE-2018-3884 | Frappe ERPNext SQL injection vulnerability | 8.8 | - | 2018-09-12 |
| CVE-2018-3885 | Frappe ERPNext SQL injection vulnerability | 8.8 | - | 2018-09-12 |
All 8 known CVE vulnerabilities affecting ERPNext with full Chinese analysis, references, and POCs where available.