7 matches found

CVE
added 2025/11/26 5:45 p.m. · 11 views

CVE-2025-11461

CVE-2025-11461 affects Frappe CRM 1.53.1. The vulnerability is multiple SQL injections in the Dashboard Controller caused by unsafe concatenation of user-controlled parameters into dynamic SQL statements. Red Hat and EUVD entries confirm the same description. Connected documents do not specify a ...

CVSS 8.8 · AI score 7.2 · EPSS 0.00045
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/06/30 12:0 a.m. · 2 views

PT-2025-27461 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.94.3
Frappe versions prior to 15.58.0
Description: A carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This issue can only be exploited on self-hosted...

CVSS 8.8 · AI score 7.3 · EPSS 0.00379
Exploits: 0 · References: 10

Positive Technologies
added 2025/06/30 12:0 a.m. · 2 views

PT-2025-27459 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.94.3
Frappe versions prior to 15.58.0
Description: The issue is related to a SQL injection vulnerability that could be achieved via a specially crafted request, potentially allowing malicious individuals to gain...

CVSS 8.7 · AI score 8.1 · EPSS 0.00181
Exploits: 0 · References: 10

Positive Technologies
added 2025/03/25 12:0 a.m. · 1 views

PT-2025-12809 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.91.0 and prior to 15.52.0
Description: Frappe is a full-stack web application framework. A system user could create specific documents in a manner that allows for remote code execution.
Recommendations: Frappe...

CVSS 8.8 · AI score 6.8 · EPSS 0.00833
Exploits: 0 · References: 11

Positive Technologies
added 2024/05/09 12:0 a.m. · 3 views

PT-2024-25685 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.74.0
Frappe versions prior to 15.26.0
Description: The login page of Frappe accepts a redirect argument, allowing redirects to untrusted external URLs. This behavior can be exploited by malicious actors for phishin...

CVSS 6.1 · AI score 7.2 · EPSS 0.00272
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/20 12:0 a.m. · 4 views

PT-2024-21653 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions:
Frappe versions prior to 14.66.3
Frappe versions prior to 15.16.0
Description: Frappe is a full-stack web application framework. The issue allows file permission to be bypassed using certain endpoints, granting less privileged users permissio...

CVSS 8.1 · AI score 6.4 · EPSS 0.00056
Exploits: 0 · References: 6

Positive Technologies
added 2022/11/25 12:0 a.m. · 5 views

PT-2022-26042 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions:
Frappe version 14.10.0
Description: The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import file...

CVSS 6.5 · AI score 6.4 · EPSS 0.00381
Exploits: 1 · References: 6