5 matches found
PT-2026-1347
Name of the Vulnerable Software and Affected Versions Frappe versions 14.99.5 and below and 15.0.0 through 15.80.1 Description Frappe, a full-stack web application framework, contains a path traversal issue in certain requests. Insufficient input sanitization allows the potential retrieval of...
CVE-2025-68929
Frappe (a full‑stack web application framework) is affected in versions before 14.99.6 and 15.88.1. An authenticated user with specific permissions could be tricked into visiting a specially crafted link, causing a malicious template to run on the server and leading to remote code execution. The ...
Frappe Technologies Frappe 安全漏洞
Frappe Technologies Frappe is a Python, Mariadb-based web development framework with integrated front-end pages from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe versions 2.34.x and 2.35.0, which stems from an incomplete fix for CVE-2025-55006 and coul...
CVE-2025-30213
CVE-2025-30213 affects the Frappe full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user could create documents in a specific way that could lead to remote code execution (RCE). The issue is mitigated only by upgrading to the patched releases. Versions 14.9.1 a...
PT-2024-20581 · Frappe · Frappe
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 14.64.0 and 15.0.0 Description: The issue is related to SQL injection from a particular whitelisted method, which can result in access to data that the user does not have permission to access. There are no known...