frappe — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting frappe. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-66206 | Frappe vulnerable to a path traversal allowing reading certain files | frappe | CWE-22 | 6.8 | Medium | 2025-12-01 |
| CVE-2025-66205 | Frappe has the possibility of SQL Injection due to improper validations | frappe | CWE-89 | 7.1 | High | 2025-12-01 |
| CVE-2025-11461 | Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller | Frappe CRM | CWE-89 | 8.8 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-64707 | Frappe LMS revoking access did not show immediate effect as roles were cached | lms | CWE-863 | 6.3 | - | 2025-11-12 |
| CVE-2025-64705 | Frappe user was able to access the submission of other students | lms | CWE-200 | 4.6 | - | 2025-11-12 |
| CVE-2025-62779 | Frappe Learning users were able to add HTML through input fields in the Job Form | lms | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-62778 | Frappe Learning allowed students to access the Quiz Form via direct URL | lms | CWE-425 | 5.3 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-62407 | Frappe has an Open Redirect on Login Page | frappe | CWE-601 | 6.1 | Medium | 2025-10-16 |
| CVE-2025-62158 | Frappe had attachments made by students to their assignments of type Text set to public | lms | CWE-200 | 7.5 (AI) | High (AI) | 2025-10-10 |
| CVE-2025-11283 | Frappe LMS Course cross site scripting | LMS | CWE-79 | 2.4 | Low | 2025-10-05 |
| CVE-2025-11282 | Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting | LMS | CWE-79 | 2.4 | Low | 2025-10-05 |
| CVE-2025-11281 | Frappe LMS Unpublished Course courses access control | LMS | CWE-284 | 5.0 | Medium | 2025-10-05 |
| CVE-2025-11280 | Frappe LMS Assignment Picture files direct request | LMS | CWE-425 | 3.7 | Low | 2025-10-05 |
| CVE-2025-59421 | Press vulnerable to email flooding to users due to lack of validation and rate limits | press | CWE-770 | - | - (AI) | 2025-09-18 |
| CVE-2025-59415 | Frappe Learning vulnerable to Malicious Content upload via Profile bio field | lms | CWE-79 | 4.6 | Medium | 2025-09-17 |
| CVE-2025-58439 | ERP: Possibility of SQL injection due to missing validation | erpnext | CWE-89 | 8.1 | High | 2025-09-06 |
| CVE-2025-55732 | Frappe has the possibility of SQL Injection due to improper validations | frappe | CWE-89 | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-55731 | Frappe has the possibility of Authenticated SQL Injection due to improper validations | frappe | CWE-89 | 7.5 (AI) | High (AI) | 2025-08-20 |
| CVE-2025-55006 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature | lms | CWE-20 | 4.3 | Medium | 2025-08-09 |
| CVE-2025-53545 | Press has a potential 2FA bypass | press | CWE-287 | 9.8 (AI) | Critical (AI) | 2025-07-08 |
| CVE-2025-52898 | Frappe account takeover via password reset token leakage | frappe | CWE-200 | 9.1 (AI) | Critical (AI) | 2025-06-30 |
| CVE-2025-52896 | Frappe authenticated XSS via data import | frappe | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2025-52895 | Frappe possibility of SQL injection due to improper validations | frappe | CWE-89 | 7.5 (AI) | High (AI) | 2025-06-30 |
| CVE-2025-30217 | Frappe has possibility of SQL injection due to improper validations | frappe | CWE-89 | 7.5 (AI) | High (AI) | 2025-03-26 |
| CVE-2025-30214 | Frappe vulnerable to information disclosure leading to account takeover | frappe | CWE-200 | 8.1 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-30213 | Frappe has Possibility of Remote Code Execution due to improper validation | frappe | CWE-20 | 8.8 (AI) | High (AI) | 2025-03-25 |
| CVE-2025-30212 | Frappe has possibility of SQL injection due to improper validations | frappe | CWE-89 | 7.5 (AI) | High (AI) | 2025-03-25 |
| CVE-2024-50356 | Press has a potential 2FA bypass | press | CWE-640 | - | - | 2024-10-31 |
| CVE-2024-49751 | Frappe Press possible HTML injection through SaaS Signup inputs | press | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-10-23 |
| CVE-2024-34074 | Frappe vulnerable to an open redirect on login page | frappe | CWE-601 | 6.1 | Medium | 2024-05-09 |

This page lists every published CVE security advisory associated with frappe. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.