6 matches found
EUVD-2024-44834
Malicious code in bioql PyPI...
CVE-2025-59421
CVE-2025-59421 affects Press, a Frappe custom app running on Frappe Cloud. The issue is a lack of validation and rate limiting that allows a malicious actor to flood a user’s inbox by repeatedly sending duplicate invitations. The vulnerability is mitigated by the fix committed as 83c3fc7676c5dbbe...
CVE-2025-59421 Press vulnerable to email flooding to users due to lack of validation and rate limits
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. A bad actor can flood the inbox of a user by repeatedly sending invites duplicate. The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615...
CVE-2025-53545 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...
CVE-2025-53545 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...
CVE-2024-50356 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...