EUVD-2026-38796
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function...
EUVD-2026-38805
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...
EUVD-2026-38800
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...
CVE-2026-50711
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...
CVE-2026-50700
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function...
CVE-2026-50705 Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering
A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...
CVE-2026-50705
The CVE-2026-50705 entry documents a stored XSS vulnerability in Frappe Framework 17.0.0-dev, caused by improper neutralization of untrusted input in the Form Dashboard headline renderer. Affected product: Frappe Framework (version 17.0.0-dev). The vulnerability arises from how the Form Dashboard...
CVE-2026-50704 Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...
CVE-2026-50703 Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...
CVE-2026-50699
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto...
CVE-2026-50698
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...
CVE-2026-50698 Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...
PT-2026-51826
Name of the Vulnerable Software and Affected Versions: Frappe Framework version 17.0.0-dev. Description: A Stored Cross-Site Scripting (XSS) issue occurs due to improper neutralization of user-controlled input within the frappe.get_avatar function during image rendering. Stored XSS is a type of...
SUSE-SU-2026:2303-1 Security update for postgresql17
This update for postgresql17 fixes the following issues: Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172). - CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173). - CVE-2026-6474: Guard again...
CVE-2026-25621 Arista Edge Threat Management NGFW Reports Application Insecure Input Validation
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...
GHSA-Q4WQ-4WHJ-CXHX vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9...
GHSA-75HH-423H-RVWG vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk...
CVE-2026-34268 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk...
CVE-2025-10911 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9...
CVE-2007-3716 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9...