All 6 CVE vulnerabilities found in press, with AI-generated Chinese analysis, references, and POCs.
Vendor: frappe
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41430 | Press vulnerable to reflected XSS on login redirection CWE-79 | 6.1AI | MediumAI | 2026-04-24 |
| CVE-2026-41317 | Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation CWE-352 | 8.8AI | HighAI | 2026-04-24 |
| CVE-2025-59421 | Press vulnerable to email flooding to users due to lack of validation and rate limits CWE-770 | - | -AI | 2025-09-18 |
| CVE-2025-53545 | Press has a potential 2FA bypass CWE-287 | 9.8AI | CriticalAI | 2025-07-08 |
| CVE-2024-50356 | Press has a potential 2FA bypass CWE-640 | - | - | 2024-10-31 |
| CVE-2024-49751 | Frappe Press possible HTML injection through SaaS Signup inputs CWE-79 | 5.4AI | MediumAI | 2024-10-23 |
All 6 known CVE vulnerabilities affecting press with full Chinese analysis, references, and POCs where available.