EUVD-2025-25332

Malicious code in bioql PyPI...

CVE-2025-55731

Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15...

CVE-2025-55732

Frappe Framework vulnerability CVE-2025-55732 involves SQL injection via specially crafted requests due to improper validation. Affected versions are before 15.74.2 and 14.96.15, with the issue bypassing a prior patch (CVE-2025-52895). The vulnerability could allow an attacker to access sensitive...

CVE-2025-55731 Frappe has the possibility of Authenticated SQL Injection due to improper validations

Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15...

CVE-2025-55731

Frappe is vulnerable to an authenticated SQL injection via a crafted request that could expose data beyond user permissions. The issue affects Frappe’s SQL handling in the application and is fixed in version 15.74.2 and 14.96.15. Public references (including Red Hat and CVE list entries) describe...

PT-2025-34074 · Frappé Technologies · Frappe

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2 Frappe versions prior to 14.96.15 Description: Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to via SQL injection...

Frappe Technologies Frappe SQL注入漏洞

Frappe Technologies Frappe is a Python, Mariadb-based and integrated front-end page web development framework from Frappe Technologies, India. A security vulnerability exists in Frappe Technologies Frappe version 15.74.2 and versions prior to 14.96.15, which stems from a specially crafted request...