Vulnerabilities in frappe
106 results

CVE | Severity | Title | EPSS
CVE-2025-55732 | HIGH | Frappe has the possibility of SQL Injection due to improper validations | EPSS 0.3%
CVE-2025-58439 | HIGH | ERP: Possibility of SQL injection due to missing validation | EPSS 0.3%
CVE-2026-26977 | MEDIUM | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | EPSS 0.3%
CVE-2025-66206 | MEDIUM | Frappe vulnerable to a path traversal allowing reading certain files | EPSS 0.3%
CVE-2026-31877 | CRITICAL | Frappe SQL Injection due to improper field sanitization | EPSS 0.3%
CVE-2026-44442 | CRITICAL | ERPNext: Unauthorised Document modification due to missing validation | EPSS 0.3%
CVE-2026-47182 | MEDIUM | Frappe: Broken Access Control on Private Files | EPSS 0.3%
CVE-2026-44975 | MEDIUM | Frappe: Missing authorization on reset form tours | EPSS 0.3%
CVE-2026-44976 | MEDIUM | Frappe: IDOR in update_onboarding_step | EPSS 0.3%
CVE-2026-29081 | MEDIUM | Frappe: Possibility of SQL Injection due to improper fieldname sanitization | EPSS 0.3%
CVE-2025-62158 | LOW | Frappe had attachments made by students to their assignments of type Text set to public | EPSS 0.3%
CVE-2026-50701 | MEDIUM | Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering | EPSS 0.3%
CVE-2026-44446 | HIGH | ERPNext: Possibility of SQL Injection due to missing validation | EPSS 0.3%
CVE-2026-39415 | MEDIUM | Frappe Learning Management System has Client-Side Manipulation of Quiz Scores | EPSS 0.3%
CVE-2026-42839 | MEDIUM | ERPNext 16.16.0 - Stored XSS in POS cart item rendering | EPSS 0.3%
CVE-2025-66205 | HIGH | Frappe has the possibility of SQL Injection due to improper validations | EPSS 0.3%
CVE-2026-50026 | MEDIUM | Frappe: Lack of permissions checks in 'relink' and 'set_email_password' endpoints | EPSS 0.3%
CVE-2026-35614 | CRITICAL | Frappe has a SQL injection in bulk_update | EPSS 0.3%
CVE-2026-39351 | MEDIUM | Frappe allows unrestricted Doctype access via API exploit | EPSS 0.3%
CVE-2026-47739 | MEDIUM | Frappe: Stored XSS in Note | EPSS 0.3%