Lucene search
K

6 matches found

CVE
CVE
added 5 days ago9 views

CVE-2026-48127

Frappe CVE-2026-48127 concerns an attacker could exploit attachment handling to inject arbitrary attachments in Doctypes. Specifically, prior to version 16.20.0 and 15.110.0, users without write access could attach files to any doctype via file-handling endpoints such as add_attachments. The issu...

5.3CVSS6.1AI score0.00369EPSS
Exploits0References9
OSV
OSV
added 5 days ago2 views

CVE-2026-48127 Frappe: Arbitrary Attachment Injection via add_attachments and upload_file

Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without write access could attach files to any doctype through file-handling API endpoints such as addattachments. This issue is fixed in versions 16.20.0 and 15.110.0...

5.3CVSS6.1AI score0.00369EPSS
Exploits0References11
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-48127 Frappe: Arbitrary Attachment Injection via add_attachments and upload_file

Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without write access could attach files to any doctype through file-handling API endpoints such as addattachments. This issue is fixed in versions 16.20.0 and 15.110.0...

5.3CVSS0.00369EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-31952

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja, a self-hosted task management platform, has an issue where the CalDAV output generator doesn't properly escape characters in iCalendar VTODO entries. Specifically, user-controlled task title...

4.1CVSS5.9AI score0.00196EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-0256

Malware in sbrugna...

6.1CVSS5.1AI score0.00658EPSS
Exploits1References6
CVE
CVE
added 2021/02/08 2:33 p.m.44 views

CVE-2020-16629

CVE-2020-16629 affects PhpOK 5.4.137. A SQL injection vulnerability lets an attacker inject attachment data via SQL and then call the attachment replacement function via api.php to write a PHP file to a target path. The issue is documented across multiple sources (CNVD, NVD, Red Hat, CVE lists) w...

9.8CVSS9.7AI score0.01441EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder