CVE-2021-47984

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...

CVE-2026-29081

Frappe CVE-2026-29081 affects the framework prior to versions 14.100.1 and 15.100.0, where an endpoint allowed SQL injection via specially crafted requests due to improper fieldname sanitization. Consequence: potential exposure of sensitive information. Fix: patched in 14.100.1 and 15.100.0. Evid...

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

CVE-2026-29081 Frappe: Possibility of SQL Injection due to improper fieldname sanitization

Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This issue has been patched in versions 14.100.1 and...

EUVD-2018-11243

Malware in sbrugna...

EUVD-2022-6568

Malicious code in bioql PyPI...

EUVD-2025-32134

Malicious code in bioql PyPI...

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...

PT-2025-40353

Name of the Vulnerable Software and Affected Versions Frappe Framework version 15.72.4 Description A SQL injection issue exists in Frappe Framework. The issue is located in the fieldname parameter of the frappe.client.get value API endpoint. A crafted script provided to the fieldname parameter ca...

Frappe Technologies Frappe Framework 安全漏洞

Frappe Technologies Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe Framework version 15.72.4, which stems from an SQL injection in the fieldnam...

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...

CVE-2025-56380

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.getvalue API endpoint and a crafted script to the fieldname parameter...

CVE-2025-56380

CVE-2025-56380 affects Frappe Framework/ERPNext codebase (Frappe v15.72.4; ERPNext v15.67.0) via a SQL injection in the fieldname parameter of the frappe.client.get_value API endpoint. The vulnerability arises from unsafe concatenation of user input into SQL within the /api/method/frappe.client.g...

📄 ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection

A time-based blind SQL injection vulnerability was discovered in the frappe.client.getvalue API endpoint in Frappe Framework version 15.72.4 and it is also present in ERPNext version 15.67.0. An authenticated user with access to the reporting/client API can inject SQL via the fieldname parameter...

CVE-2022-36272

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter...

CVE-2023-7096

A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been...