10 matches found
CVE-2026-44446 ERPNext: Possibility of SQL Injection due to missing validation
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...
CVE-2026-44446 ERPNext: Possibility of SQL Injection due to missing validation
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...
ERPNext SQL injection vulnerability
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.104.3 and 16.14.0 of ERPNext contained SQL injection vulnerabilities. These vulnerabilities stemmed from certain endpoints being vulnerable to SQL injection attacks...
PT-2026-40823
Name of the Vulnerable Software and Affected Versions: ERPNext versions prior to 15.104.3; ERPNext versions prior to 16.14.0. Description: Certain endpoints are susceptible to SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, allowing an attacker ...
CVE-2026-35614
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0...
CVE-2026-35614
Frappe framework (full‑stack web app) contains a SQL injection in bulk_update prior to 16.14.0 and 15.104.0. The issue is fixed in 16.14.0 and 15.104.0. Patching affected installations to these versions or newer is recommended. The CVSS details in the record indicate high impact to confidentialit...
EUVD-2026-19792
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0...
CVE-2021-44531 affecting package nodejs for versions less than 16.14.0-1
CVE-2021-44531 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-22940 affecting package nodejs for versions less than 16.14.0-1
CVE-2021-22940 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-21824 affecting package nodejs for versions less than 16.14.0-1
CVE-2022-21824 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...