Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44440 |
|
Path Traversal in path-traversal (CVE-2026-44440)
path traversal in path-traversal (CVE-2026-44440). Confidential information can be exposed externally. Mitigation: upgrade to `15.101.1` or later.
|
| CVE-2026-44441 |
|
SSRF (Server-Side Request Forgery) in frappe (CVE-2026-44441)
SSRF in frappe (CVE-2026-44441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.106.0` or later.
|
| CVE-2026-44442 |
|
Vulnerability in frappe (CVE-2026-44442)
vulnerability in frappe (CVE-2026-44442). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.1` or later.
|
| CVE-2026-44445 |
|
XXE (XML External Entity) in frappe (CVE-2026-44445)
vulnerability in frappe (CVE-2026-44445). Confidential information can be exposed externally. Mitigation: upgrade to `15.104.3` or later.
|
| CVE-2026-44446 |
|
SQL Injection in sqli (CVE-2026-44446)
SQL injection in sqli (CVE-2026-44446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.104.3` or later.
|
| CVE-2026-44447 |
|
SQL Injection in sqli (CVE-2026-44447)
SQL injection in sqli (CVE-2026-44447). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.0` or later.
|
| CVE-2026-44448 |
|
Vulnerability in frappe (CVE-2026-44448)
vulnerability in frappe (CVE-2026-44448). Confidential information can be exposed externally. Mitigation: upgrade to `15.102.0` or later.
|
| CVE-2026-38431 |
|
Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38432 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31017 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
|
| CVE-2025-67289 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2025-67289)
cross-site scripting in frappe (CVE-2025-67289). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28598 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2022-28598)
cross-site scripting in frappe (CVE-2022-28598). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-3882 |
|
SQL Injection in sqli (CVE-2018-3882)
SQL injection in sqli (CVE-2018-3882). Successful exploitation can lead to full system takeover.
|
| CVE-2018-3883 |
|
SQL Injection in sqli (CVE-2018-3883)
SQL injection in sqli (CVE-2018-3883). Successful exploitation can lead to full system takeover.
|
| CVE-2018-3884 |
|
SQL Injection in sqli (CVE-2018-3884)
SQL injection in sqli (CVE-2018-3884). Successful exploitation can lead to full system takeover.
|
| CVE-2018-3885 |
|
SQL Injection in sqli (CVE-2018-3885)
SQL injection in sqli (CVE-2018-3885). Successful exploitation can lead to full system takeover.
|