
14 matches found

NVD
added 2026/04/24 4:16 a.m., 0 views

CVE-2026-41430

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting...

CVSS 6.1, EPSS 0.00035
Exploits 0, References 2
NVD
added 2026/04/24 3:16 a.m., 0 views

CVE-2026-41317

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to the database and is also accessible via the GET method. The patch in commit...

CVSS 8.7, EPSS 0.00022
Exploits 0, References 2
CVE
added 2026/04/24 2:42 a.m., 5 views

CVE-2026-41430

Summary: CVE-2026-41430 affects Press, a Frappe custom app running in Frappe Cloud. The issue is a reflected XSS on the login redirect parameter, arising from inadequate validation of redirect URLs. The publicly disclosed fix (commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6) restricts redirects t...

CVSS 6.1, AI score 5.8, EPSS 0.00035
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/04/24 2:42 a.m., 0 views

CVE-2026-41430 Press vulnerable to reflected XSS on login redirection

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting...

CVSS 5.3, AI score 5.2, EPSS 0.00035
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-30203

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.5, EPSS 0.00067
Exploits 0, References 2
RedhatCVE
added 2025/09/20 3:28 p.m., 4 views

CVE-2025-59421

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending duplicate invites. The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615...

CVSS 6.9, AI score 6.7, EPSS 0.00067
Exploits 0, References 1
NVD
added 2025/09/18 3:15 p.m., 2 views

CVE-2025-59421

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending duplicate invites. The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615...

CVSS 6.9, EPSS 0.00067
Exploits 0, References 2
Cvelist
added 2025/09/18 2:42 p.m., 6 views

CVE-2025-59421 Press vulnerable to email flooding to users due to lack of validation and rate limits

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending duplicate invites. The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615...

CVSS 6.9, EPSS 0.00067
Exploits 0, References 2
Vulnrichment
added 2025/09/18 2:42 p.m., 2 views

CVE-2025-59421 Press vulnerable to email flooding to users due to lack of validation and rate limits

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending duplicate invites. The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615...

CVSS 6.9, AI score 6.3, EPSS 0.00067
Exploits 0, References 2
Positive Technologies
added 2025/09/18 12:0 a.m., 1 views

PT-2025-38410

Name of the Vulnerable Software and Affected Versions: Press versions prior to commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615. Description: Press, a Frappe custom app used for managing infrastructure, subscriptions, marketplace operations, and software-as-a-service (SaaS), is susceptible to a flaw th...

CVSS 6.9, AI score 6.5, EPSS 0.00067
Exploits 0, References 5
RedhatCVE
added 2025/07/10 3:27 p.m., 4 views

CVE-2025-53545

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server-side validation for the same. This vulnerability is fixed in commit...

CVSS 6.9, AI score 7, EPSS 0.00323
Exploits 0, References 1
NVD
added 2024/10/31 6:15 p.m., 14 views

CVE-2024-50356

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA, even though they wouldn't be able to log in by bypassing the 2FA. Onl...

EPSS 0.00034
Exploits 0, References 2
CVE
added 2024/10/31 6:2 p.m., 45 views

CVE-2024-50356

CVE-2024-50356 affects Press, a Frappe custom app (used with Frappe Cloud) that manages infrastructure, subscriptions and SaaS. The issue allows password resets by anyone with access to a user’s email inbox, circumventing 2FA, though logging in remains blocked for users who have 2FA enabled. A pa...

AI score 3.9, EPSS 0.00034
Exploits 0, References 2
Vulnrichment
added 2024/10/31 6:2 p.m., 20 views

CVE-2024-50356 Press has a potential 2FA bypass

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA, even though they wouldn't be able to log in by bypassing the 2FA. Onl...

AI score 6.9, EPSS 0.00034
Exploits 0, References 2