Enterprise Software
Enterprise software — ERP, CRM, HR and finance, collaboration and IT service management — runs core business processes and holds sensitive corporate data. This hub tracks CVE trends across it.
itsm-monitoring 361 · document-mgmt 175 · collaboration-groupware 103 · erp 82 · hr-finance 41 · crm 36 · bi-reporting 10
Cumulative CVEs
43,697
across 291 monthly snapshots
Latest month
925
+56.5% MoM · +109.8% YoY
Peak month
925
Jun 26
KEV this month
4
185 vendors affected
CVEs per month
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- On-prem: 86%
- SaaS: 8%
- Mixed: 6%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Enterprise Software.
- CVE-2026-28322 · SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability · 5.6
- CVE-2026-58450 · Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter · 4.3
- CVE-2026-58448 · yudao-cloud < 2026.06 - BPM Module Broken Access Control via process-instance API · 6.5
- CVE-2026-11541 · IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling · 7.4
- CVE-2026-11594 · IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities · 8.5
- CVE-2025-36359 · IBM DevOps Loop is susceptible to an Insufficient Session Expiration vulnerability. · 8.1
- CVE-2026-11546 · IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability · 7.1
- CVE-2026-11595 · IBM WebSphere Application Server is affected by a Path Traversal vulnerability · 4.3
- CVE-2026-11708 · IBM WebSphere Application Server is affected by a cross-site scripting vulnerability · 9.3
- CVE-2026-11712 · IBM WebSphere Application Server is affected by a cross-site scripting vulnerability · 9.3
- CVE-2026-11714 · IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability · 8.5
- CVE-2026-11806 · IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability · 7.2
- CVE-2026-13449 · XXE attack in IBM Business Automation Manager Open Editions · 7.6
- CVE-2026-13759 · IBM WebSphere eXtreme Scale is affected by Insecure Deserialization · 7.5
- CVE-2026-13772 · IBM WebSphere eXtreme Scale's OQL is affected by remote code execution · 7.5
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| ibm | 75 | 16 | · |
| itsourcecode | 43 | · | · |
| dell | 38 | 1 | · |
| codeastro | 26 | · | · |
| frappe | 26 | · | · |
| openproject | 17 | 4 | · |
| duck-organization | 16 | · | · |
| cacti | 15 | 5 | · |
| sap_se | 12 | 3 | · |
| hclsoftware | 10 | · | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| itsm-monitoring | 361 | 76 | 3 | 69 | — | microsoft sharepoint server 2019 (31) · microsoft sharepoint enterprise server 2016 (30) · openproject (17) |
| document-mgmt | 175 | 39 | · | 23 | — | experience manager (60) · adobe experience manager (57) · microsoft sharepoint server 2019 (30) |
| — | 117 | 15 | · | 21 | — | hospital management system (16) · websphere application server (14) · frappe framework (12) |
| collaboration-groupware | 103 | 20 | · | 29 | — | microsoft sharepoint server subscription edition (31) · sharepoint server (31) · office online server (12) |
| erp | 82 | 32 | 1 | 15 | — | jd edwards enterpriseone tools (14) · peoplesoft enterprise pt peopletools (7) · frontaccounting (4) |
| hr-finance | 41 | 2 | · | 8 | — | fees management system (9) · human resource management system (7) · student_management_system (5) |
| crm | 36 | 13 | · | 14 | — | siebel apps - marketing (5) · siebel crm cloud applications (5) · groundhogg — crm, newsletters, and marketing automation (3) |
| bi-reporting | 10 | 1 | · | 6 | — | collibra platform (on-prem) (2) · collibra platform (saas) (2) · dvp-12se (2) |
Sector classification is AI-assisted with human review.