14 matches found
CVE-2026-44205
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...
CVE-2026-41581
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0...
CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...
CVE-2026-44205
CVE-2026-44205 affects the Frappe framework (prior to 15.106.0). The issue is a stored XSS in the user profile image upload path that allows an attacker to execute malicious scripts in the browsers of other users. The vulnerability is mitigated by upgrading to version 15.106.0, where it is patche...
CVE-2026-44205 Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0...
CVE-2026-41581 Frappe Vulnerable to Possible SQL Injection via get_blog_list
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0...
CVE-2026-41581 Frappe Vulnerable to Possible SQL Injection via get_blog_list
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.16.0...
EUVD-2026-36452
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...
CVE-2026-47739
CVE-2026-47739 affects the Frappe framework. Prior to versions 15.106.0 and 16.16.0, a stored XSS vulnerability existed in Note due to insufficient sanitization. The issue is mitigated by upgrading to 15.106.0 or 16.16.0 or later. The CVSS-derived metrics indicate a medium impact with network acc...
PT-2026-48879
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0...
CVE-2026-44441
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...
CVE-2026-44441
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...
CVE-2026-44441 ERPNext: Possible SSRF by any authenticated user
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...
PT-2026-40820
Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 15.106.0; ERPNext versions prior to 16.16.0. Description: A malicious user can send a crafted request to an endpoint, causing the server to make an HTTP call to a service chosen by the attacker. This is a Server-Side...