frappe — Vulnerabilities & Security Advisories 37

All 37 CVE vulnerabilities found in frappe, with AI-generated Chinese analysis, references, and POCs.

Vendor: frappe

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3837 | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-3673 | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-39351 | Frappe allows unrestricted Doctype access via API exploit | CWE-862 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35614 | Frappe has a SQL injection in bulk_update | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-31879 | Frappe Workspace modification and stored XSS due to improper resource ownership checks | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31878 | Frappe: Possible SSRF by any authenticated user | CWE-918 | 5.0 | Medium | 2026-03-11 |
| CVE-2026-31877 | Frappe SQL Injection due to improper field sanitization | CWE-89 | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-29081 | Frappe: Possibility of SQL Injection due to improper fieldname sanitization | CWE-89 | 6.5 | Medium | 2026-03-05 |
| CVE-2026-29077 | Frappe: Broken Access Control in DocShare | CWE-284 | 7.1 | High | 2026-03-05 |
| CVE-2026-28436 | Frappe: Stored XSS in avatar_macro.html | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2026-25956 | Frappe Affected by XSS and Open Redirect in Sign Up | CWE-601 | 6.1 | Medium | 2026-02-10 |
| CVE-2025-69083 | WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability | CWE-98 | 8.1 | High | 2026-01-06 |
| CVE-2025-68953 | Certain Frappe requests are vulnerable to Path Traversal | CWE-22 | 7.5 | High | 2026-01-05 |
| CVE-2025-68929 | Frappe may be vulnerable to remote code execution due to server-side template injection | CWE-1336 | 9.1 | Critical | 2025-12-29 |
| CVE-2025-66206 | Frappe vulnerable to a path traversal allowing reading certain files | CWE-22 | 6.8 | Medium | 2025-12-01 |
| CVE-2025-66205 | Frappe has the possibility of SQL Injection due to improper validations | CWE-89 | 7.1 | High | 2025-12-01 |
| CVE-2025-62407 | Frappe has an Open Redirect on Login Page | CWE-601 | 6.1 | Medium | 2025-10-16 |
| CVE-2025-55732 | Frappe has the possibility of SQL Injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-55731 | Frappe has the possibility of Authenticated SQL Injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-52898 | Frappe account takeover via password reset token leakage | CWE-200 | 9.1 (AI) | Critical (AI) | 2025-06-30 |
| CVE-2025-52896 | Frappe authenticated XSS via data import | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2025-52895 | Frappe possibility of SQL injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-06-30 |
| CVE-2025-30217 | Frappe has possibility of SQL injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-03-26 |
| CVE-2025-30214 | Frappe vulnerable to information disclosure leading to account takeover | CWE-200 | 8.1 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-30213 | Frappe has Possibility of Remote Code Execution due to improper validation | CWE-20 | 8.8 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-30212 | Frappe has possibility of SQL injection due to improper validations | CWE-89 | 7.5 (AI) | High (AI) | 2025-03-25 |
| CVE-2024-34074 | Frappe vulnerable to an open redirect on login page | CWE-601 | 6.1 | Medium | 2024-05-09 |
| CVE-2024-27105 | Frappe File Permissions can be bypassed using certain endpoints | CWE-863 | 8.1 | High | 2024-03-20 |
| CVE-2024-24813 | Frappe SQL Injection from reporting logic | CWE-89 | 7.5 | High | 2024-03-20 |
| CVE-2024-24812 | Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages | CWE-79 | 5.4 | Medium | 2024-02-07 |