Browse all 6 CVE security advisories affecting unopim. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Unopim is an enterprise resource planning (ERP) solution designed for supply chain and inventory management. Historically, the system has been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS) attacks, and privilege escalation vulnerabilities, with six CVEs documented to date. Security researchers have identified authentication bypass issues and insecure default configurations as recurring concerns. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in business-critical functions suggests potential risks for organizations relying on the platform without rigorous hardening and regular security assessments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55745 | UnoPim Quick Export feature is vulnerable to CSV injection — unopim, CWE-1236 | 8.8 (AI) | High (AI) | 2025-08-22 |
| CVE-2025-55741 | unopim/unopim allows unauthorized product deletion via mass-delete endpoint — unopim, CWE-284 | 8.1 | High | 2025-08-22 |
| CVE-2025-55744 | UnoPim vulnerable to CSRF on Product edit feature and creation of other types — unopim, CWE-352 | 8.8 (AI) | High (AI) | 2025-08-21 |
| CVE-2025-55743 | UnoPim vulnerable to remote code execution through Arbitrary File upload — unopim, CWE-434 | 8.1 (AI) | High (AI) | 2025-08-21 |
| CVE-2025-55742 | UnoPim Stored XSS via SVG MIME/Sanitizer Bypass — unopim, CWE-79 | 8.0 | High | 2025-08-21 |
| CVE-2024-52305 | UnoPim Stored XSS : Cookie hijacking through Create User function — unopim, CWE-616 | 6.5 | Medium | 2024-11-13 |
This page lists every published CVE security advisory associated with unopim. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.