36 matches found

Cvelist • added 2026/03/05 8:23 p.m. • 23 views

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

6.5 CVSS | 0.00049 EPSS
Exploits 0 | References 1

CVE • added 2026/03/05 8:23 p.m. • 7 views

CVE-2026-29081

CVE-2026-29081 affects the Frappe framework. Before versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection via specially crafted requests stemming from improper fieldname sanitization, allowing an attacker to extract sensitive information. The issue has been patched in versio...

8.8 CVSS | 5.9 AI score | 0.00049 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV • added 2026/03/05 8:23 p.m. • 2 views

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

6.5 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 3

Vulnrichment • added 2026/03/05 8:23 p.m. • 4 views

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

6.5 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 1

EUVD • added 2025/10/07 12:30 a.m. • 2 views

EUVD-2018-11243

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00162 EPSS
Exploits 0 | References 3

EUVD • added 2025/10/03 8:07 p.m. • 5 views

EUVD-2025-32134

Malicious code in bioql PyPI...

6.5 CVSS | 6.5 AI score | 0.00038 EPSS
Exploits 3 | References 3

EUVD • added 2025/10/03 8:07 p.m. • 3 views

EUVD-2022-6568

Malicious code in bioql PyPI...

9.8 CVSS | 9.4 AI score | 0.00409 EPSS
Exploits 1 | References 2

RedhatCVE • added 2025/10/03 12:45 a.m. • 5 views

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter...

6.5 CVSS | 8.4 AI score | 0.00038 EPSS
Exploits 3 | References 1

OSV • added 2025/10/02 2:15 p.m. • 3 views

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter...

6.5 CVSS | 8.4 AI score | 0.00038 EPSS
Exploits 3 | References 2

NVD • added 2025/10/02 2:15 p.m. • 4 views

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter...

6.5 CVSS | 0.00038 EPSS
Exploits 3 | References 2

CNNVD • added 2025/10/02 12:00 a.m. • 4 views

Frappe Technologies Frappe Framework Security Vulnerability

Frappe Technologies Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe Framework version 15.72.4, which stems from an SQL injection in the fieldnam...

6.5 CVSS | 7.4 AI score | 0.00038 EPSS
Exploits 3 | References 2

CVE • added 2025/10/02 12:00 a.m. • 12 views

CVE-2025-56380

CVE-2025-56380 affects Frappe Framework/ERPNext codebase (Frappe v15.72.4; ERPNext v15.67.0) via a SQL injection in the fieldname parameter of the frappe.client.get_value API endpoint. The vulnerability arises from unsafe concatenation of user input into SQL within the /api/method/frappe.client.g...

6.5 CVSS | 8 AI score | 0.00038 EPSS
Exploits 3 | References 2 | Affected Software 2

Packet Storm • added 2025/10/02 12:00 a.m. • 477 views

ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection

A time-based blind SQL injection vulnerability was discovered in the frappe.client.get_value API endpoint in Frappe Framework version 15.72.4 and it is also present in ERPNext version 15.67.0. An authenticated user with access to the reporting/client API can inject SQL via the fieldname parameter...

6.5 CVSS | 7.6 AI score | 0.00038 EPSS
Exploits 3

Positive Technologies • added 2025/10/02 12:00 a.m. • 3 views

PT-2025-40353

Name of the Vulnerable Software and Affected Versions: Frappe Framework version 15.72.4. Description: A SQL injection issue exists in Frappe Framework. The issue is located in the fieldname parameter of the frappe.client.get_value API endpoint. A crafted script provided to the fieldname parameter ca...

6.5 CVSS | 7.6 AI score | 0.00038 EPSS
Exploits 3 | References 5

Vulnrichment • added 2025/10/02 12:00 a.m. • 1 views

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter...

8 AI score | 0.00038 EPSS
Exploits 3 | References 2

Cvelist • added 2025/10/02 12:00 a.m. • 5 views

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter...

0.00038 EPSS
Exploits 3 | References 2

RedhatCVE • added 2025/05/22 11:16 p.m. • 1 views

CVE-2022-36272

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter...

9.8 CVSS | 7.3 AI score | 0.00409 EPSS
Exploits 1 | References 1

OSV • added 2023/12/25 1:15 a.m. • 0 views

CVE-2023-7096

A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. Manipulation of the argument fieldname/tablename causes SQL injection. The attack can be carried out remotely. The exploit has been...

9.8 CVSS | 5.7 AI score
Exploits 0 | References 7

CNNVD • added 2023/12/25 12:00 a.m. • 2 views

Faculty Management System SQL Injection Vulnerability

Faculty Management System is a code-projects open source faculty management system. Faculty Management System version 1.0 has a SQL injection vulnerability. The vulnerability stems from an unknown function in /admin/php/crud.php, where the fieldname parameter leads to SQL injection...

9.8 CVSS | 7.9 AI score | 0.00069 EPSS
Exploits 1 | References 10

Positive Technologies • added 2023/12/24 12:00 a.m. • 4 views

PT-2023-32870

Name of the Vulnerable Software and Affected Versions: code-projects Faculty Management System version 1.0. Description: A critical issue affects some unknown functionality of the file /admin/php/crud.php. The manipulation of the fieldname argument leads to SQL injection. The attack may be launched...

9.8 CVSS | 5 AI score | 0.00069 EPSS
Exploits 1 | References 11