CVE-2025-66206
CVE-2025-66206 affects Frappe, a full-stack web application framework. Prior to versions 15.86.0 and 14.99.2 , certain requests were vulnerable to path traversal, enabling retrieval of server files if the full path was known. The issue mainly impacts installations directly using werkzeug/gunicorn...