Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/04/24 2:40 a.m.33 views

CVE-2026-41317 Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS.press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit...

8.7CVSS0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 2:40 a.m.4 views

CVE-2026-41317 Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS.press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit...

8.7CVSS5.2AI score0.00165EPSS
Exploits0References2
CVE
CVE
added 2026/04/24 2:40 a.m.16 views

CVE-2026-41317

The CVE concerns Press, a Frappe-based app, where the API endpoint press.api.account.create_api_secret is vulnerable to CSRF-like exploits. The issue stems from the endpoint accepting unsafe HTTP methods (GET) and writing to the database, enabling unauthorized actions without user interaction. A ...

8.7CVSS5.8AI score0.00165EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/07/10 3:27 p.m.13 views

CVE-2025-53545

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...

6.9CVSS7AI score0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/23 3:45 p.m.26 views

CVE-2024-49751 Frappe Press possible HTML injection through SaaS Signup inputs

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would onl...

5.1CVSS0.00479EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/23 3:45 p.m.10 views

CVE-2024-49751 Frappe Press possible HTML injection through SaaS Signup inputs

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would onl...

5.1CVSS6.8AI score0.00479EPSS
Exploits0References2
Rows per page
Query Builder