Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41320

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS5.6AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.7 views

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40889

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS5.5AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40888

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.17 views

CVE-2026-45081

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 5:18 p.m.14 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 5:18 p.m.42 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-44054

Name of the Vulnerable Software and Affected Versions Frappe HR versions prior to 16.5.0 Description Frappe HR is an open-source human resources management solution HRMS. Authenticated employees can access leave details of other employees because of improper authorization checks. Recommendations...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Frappe HR 安全漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 16.5.0 contained security vulnerabilities. These vulnerabilities were caused by improper authorization checks, which could allow authorized employees to access the leave details of...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.6 views

CVE-2026-41320

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.7 views

CVE-2026-40889

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 8:17 p.m.6 views

CVE-2026-40888

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS0.00232EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 7:34 p.m.30 views

CVE-2026-41320 Frappe HR has possibility of SQL Injection due to improper field sanitization

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 7:34 p.m.6 views

EUVD-2026-24290

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 7:34 p.m.3 views

CVE-2026-41320 Frappe HR has possibility of SQL Injection due to improper field sanitization

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 7:32 p.m.31 views

CVE-2026-40889 Frappe HR has Improper Access Control on Files

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 7:32 p.m.9 views

CVE-2026-40889

CVE-2026-40889 concerns Frappe HR (HRMS) and describes an Improper Access Control on Files . Before versions 15.58.2 and 16.4.2 , authenticated users could access files they should not be able to view by abusing a vulnerable API endpoint. The affected line items indicate that the vulnerability re...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/21 7:32 p.m.3 views

EUVD-2026-24278

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 7:32 p.m.4 views

CVE-2026-40889 Frappe HR has Improper Access Control on Files

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 7:28 p.m.3 views

CVE-2026-40888 Frappe HR vulnerable to Improper Access Control

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are availab...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References3
Rows per page
Query Builder