8 matches found

EUVD
added 2025/10/03 8:07 p.m., 7 views

EUVD-2025-32020

Malicious code in bioql PyPI...

CVSS 8.2, AI score 6.6, EPSS 0.00305
Exploits: 1, References: 2
RedhatCVE
added 2025/10/02 12:17 a.m., 12 views

CVE-2025-52040

In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...

CVSS 8.2, AI score 7.3, EPSS 0.00305
Exploits: 1, References: 1
NVD
added 2025/10/01 3:15 p.m., 5 views

CVE-2025-52040

In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...

CVSS 8.2, EPSS 0.00305
Exploits: 1, References: 2
OSV
added 2025/10/01 3:15 p.m., 4 views

CVE-2025-52040

In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...

CVSS 8.2, AI score 7.3
Exploits: 0, References: 2
CVE
added 2025/10/01 12:00 a.m., 38 views

CVE-2025-52040

In Frappe ERPNext 15.57.5, the function get_blanket_orders() in erpnext/controllers/queries.py is vulnerable to SQL Injection via the blanket_order_type parameter due to unvalidated inputs, enabling an attacker to extract information from databases. The public documents do not provide exploitatio...

CVSS 8.2, AI score 6.9, EPSS 0.00305
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2025/10/01 12:00 a.m., 8 views

PT-2025-40244

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 15.57.5. Description: The function get_blanket_orders at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can potentially extract information from databases by injecting a SQL query into the...

CVSS 8.2, AI score 7.4, EPSS 0.00305
Exploits: 1, References: 7
Vulnrichment
added 2025/10/01 12:00 a.m., 2 views

CVE-2025-52040

In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...

AI score 6.9, EPSS 0.00305
Exploits: 1, References: 2
Cvelist
added 2025/10/01 12:00 a.m., 10 views

CVE-2025-52040

In Frappe ERPNext 15.57.5, the function get_blanket_orders at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the blanket_order_type parameter...

EPSS 0.00305
Exploits: 1, References: 2