Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: frappe Clear
ID Title
CVE-2026-44448 Vulnerability in frappe (CVE-2026-44448)
vulnerability in frappe (CVE-2026-44448). Confidential information can be exposed externally. Mitigation: upgrade to `15.102.0` or later.
CVE-2026-44447 SQL Injection in sqli (CVE-2026-44447)
SQL injection in sqli (CVE-2026-44447). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.0` or later.
CVE-2026-44446 SQL Injection in sqli (CVE-2026-44446)
SQL injection in sqli (CVE-2026-44446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.104.3` or later.
CVE-2026-44440 Path Traversal in path-traversal (CVE-2026-44440)
path traversal in path-traversal (CVE-2026-44440). Confidential information can be exposed externally. Mitigation: upgrade to `15.101.1` or later.
CVE-2026-44441 SSRF (Server-Side Request Forgery) in frappe (CVE-2026-44441)
SSRF in frappe (CVE-2026-44441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.106.0` or later.
CVE-2026-44442 Vulnerability in frappe (CVE-2026-44442)
vulnerability in frappe (CVE-2026-44442). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.1` or later.
CVE-2026-44445 XXE (XML External Entity) in frappe (CVE-2026-44445)
vulnerability in frappe (CVE-2026-44445). Confidential information can be exposed externally. Mitigation: upgrade to `15.104.3` or later.
CVE-2026-38431 Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
CVE-2026-38432 Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
CVE-2026-3837 Cross-Site Scripting (XSS) in frappe (CVE-2026-3837)
cross-site scripting in frappe (CVE-2026-3837). Risk of unauthorized operations or information disclosure.
CVE-2026-3673 Cross-Site Scripting (XSS) in frappe (CVE-2026-3673)
cross-site scripting in frappe (CVE-2026-3673). Risk of unauthorized operations or information disclosure.
CVE-2026-31017 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
CVE-2025-67289 Cross-Site Scripting (XSS) in frappe (CVE-2025-67289)
cross-site scripting in frappe (CVE-2025-67289). Successful exploitation can lead to full system takeover.
CVE-2022-28598 Cross-Site Scripting (XSS) in frappe (CVE-2022-28598)
cross-site scripting in frappe (CVE-2022-28598). Risk of unauthorized operations or information disclosure.
CVE-2018-3885 SQL Injection in sqli (CVE-2018-3885)
SQL injection in sqli (CVE-2018-3885). Successful exploitation can lead to full system takeover.
CVE-2018-3884 SQL Injection in sqli (CVE-2018-3884)
SQL injection in sqli (CVE-2018-3884). Successful exploitation can lead to full system takeover.
CVE-2018-3883 SQL Injection in sqli (CVE-2018-3883)
SQL injection in sqli (CVE-2018-3883). Successful exploitation can lead to full system takeover.
CVE-2018-3882 SQL Injection in sqli (CVE-2018-3882)
SQL injection in sqli (CVE-2018-3882). Successful exploitation can lead to full system takeover.
CVE-2017-1000120 SQL Injection in sqli (CVE-2017-1000120)
SQL injection in sqli (CVE-2017-1000120). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →