Vulnerabilities in Frappe
106 results

CVE-2025-59415 | MEDIUM | Frappe Learning vulnerable to Malicious Content upload via Profile bio field | EPSS 0.2%
CVE-2026-44445 | MEDIUM | ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module | EPSS 0.2%
CVE-2026-41320 | MEDIUM | Frappe HR has possibility of SQL Injection due to improper field sanitization | EPSS 0.2%
CVE-2026-3673 | MEDIUM | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer | EPSS 0.2%
CVE-2026-45081 | MEDIUM | Frappe HR: Permission Bypass in HRMS Leave Details API | EPSS 0.2%
CVE-2025-62778 | LOW | Frappe Learning allowed students to access the Quiz Form via direct URL | EPSS 0.2%
CVE-2026-29077 | HIGH | Frappe: Broken Access Control in DocShare | EPSS 0.2%
CVE-2026-3837 | MEDIUM | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters | EPSS 0.2%
CVE-2026-34606 | MEDIUM | Stored XSS in Frappe LMS | EPSS 0.2%
CVE-2025-64705 | LOW | Frappe user was able to access the submission of other students | EPSS 0.2%
CVE-2026-31878 | MEDIUM | Frappe: Possible SSRF by any authenticated user | EPSS 0.2%
CVE-2025-66581 | LOW | Frappe LMS is Missing Server-Side Authorization in Business Logic | EPSS 0.2%
CVE-2026-26031 | LOW | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students | EPSS 0.2%
CVE-2025-68928 | MEDIUM | Frappe CRM vulnerable to authenticated XSS via website field | EPSS 0.2%
CVE-2026-28436 | LOW | Frappe: Stored XSS in avatar_macro.html | EPSS 0.2%
CVE-2025-62779 | LOW | Frappe Learning users were able to add HTML through input fields in the Job Form | EPSS 0.2%
CVE-2026-41317 | MEDIUM | Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation | EPSS 0.2%
CVE-2026-44441 | MEDIUM | ERPNext: Possible SSRF by any authenticated user | EPSS 0.2%
CVE-2026-25956 | MEDIUM | Frappe Affected by XSS and Open Redirect in Sign Up | EPSS 0.2%
CVE-2026-41430 | LOW | Press vulnerable to reflected XSS on login redirection | EPSS 0.2%