Every CVE whose affected-product data names Jishenghua Jsherp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2024-24001 — CVSS 9.8 (critical): jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo…
CVE-2025-51745 — CVSS 9.8 (critical): An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.
CVE-2025-51746 — CVSS 9.8 (critical): An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization…
CVE-2024-24002 — CVSS 9.8 (critical): jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo…
CVE-2024-24003 — CVSS 9.8 (critical): jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo…
CVE-2024-24004 — CVSS 9.8 (critical): jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo…
CVE-2025-51742 — CVSS 9.8 (critical): An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query…
CVE-2025-51743 — CVSS 9.8 (critical): An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson…
CVE-2025-51744 — CVSS 9.8 (critical): An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks.
CVE-2025-55368 — CVSS 8.8 (high): Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily…
CVE-2025-55370 — CVSS 8.8 (high): Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all…
CVE-2025-60801 — CVSS 8.2 (high): jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp…
CVE-2025-60800 — CVSS 7.5 (high): Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive…
CVE-2026-1546 — CVSS 6.3 (medium): A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the…
CVE-2025-8839 — CVSS 6.3 (medium): A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the…
CVE-2025-7947 — CVSS 5.4 (medium): A vulnerability classified as critical has been found in jshERP up to 3.5. Affected is an unknown function of the file /user/delete of the…
CVE-2025-8840 — CVSS 5.4 (medium): A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the…
CVE-2025-55371 — CVSS 5.3 (medium): Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the…
CVE-2025-55366 — CVSS 5.3 (medium): Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account…
CVE-2025-55367 — CVSS 5.3 (medium): Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily…
CVE-2025-7566 — CVSS 4.7 (medium): A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam…
CVE-2025-67344 — CVSS 4.6 (medium): jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint.
CVE-2025-67341 — CVSS 4.6 (medium): jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files…
CVE-2025-7948 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the…
CVE-2026-1549 — CVSS 4.3 (medium): A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file…
CVE-2026-1588 — CVSS 2.7 (low): A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/insta…