Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CNNVD
CNNVDadded 2026/02/03 12:0 a.m.4 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext 15.88.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the CSV import mechanism’s improper handling of inputs, which may lead to...

5.4CVSS5.7AI score0.00052EPSS
Exploits0References1
CVE
CVEadded 2026/02/03 12:0 a.m.8 views

CVE-2025-65923

ERPNext (up to 15.88.1) CSV import, specifically the Update Existing Records option, is affected by a Stored Cross-Site Scripting (XSS) vulnerability. A malicious CSV field can contain JavaScript that is stored in the database and executed when a user views the affected record in the ERPNext web ...

5.4CVSS5.7AI score0.00052EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/02/03 12:0 a.m.3 views

PT-2026-5951

Name of the Vulnerable Software and Affected Versions ERPNext versions through 15.88.1 Description A Stored Cross-Site Scripting XSS issue exists in the CSV import mechanism when the Update Existing Records option is used. An attacker can inject malicious JavaScript code into a CSV field. This co...

5.4CVSS5.6AI score0.00052EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/02/03 12:0 a.m.3 views

ERPNext 安全漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext 15.88.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the failure to clean or remove HTML tags from plain-text fields, which cou...

4.1CVSS5.8AI score0.00017EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:11 a.m.3 views

CVE-2025-68953

Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...

7.5CVSS6.7AI score0.00063EPSS
Exploits0References1
EUVD
EUVDadded 2025/12/29 3:10 p.m.3 views

EUVD-2025-205602

Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This could lead to a malicious template being executed on the server, resulting in remote code...

9CVSS7.2AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/29 12:0 a.m.2 views

PT-2025-53728

Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This could lead to a malicious template being executed on the server, resulting in remote code...

9CVSS7.8AI score0.00094EPSS
Exploits0References4
Rows per page
Query Builder