Known Vulnerabilities for products from Frappe
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Frappe".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45081 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-44448 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed ... | Not Provided | 2026-05-13 | 2026-05-15 |
| CVE-2026-44447 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL i... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-44446 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulne... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-44445 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction o... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-44442 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce pro... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-44441 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could se... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-44440 json | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of... | Not Provided | 2026-05-13 | 2026-05-14 |
| CVE-2026-41430 json | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-servi... | Not Provided | 2026-04-24 | 2026-04-30 |
| CVE-2026-41320 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-41317 json | Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-servi... | Not Provided | 2026-04-24 | 2026-04-30 |
| CVE-2026-40889 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-40888 json | Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticate... | Not Provided | 2026-04-21 | 2026-04-27 |
| CVE-2026-39415 json | Not Provided | 2026-04-08 | 2026-04-09 | |
| CVE-2026-39405 json | Not Provided | 2026-05-20 | 2026-05-21 | |
| CVE-2026-39352 json | Not Provided | 2026-05-20 | 2026-05-21 | |
| CVE-2026-39351 json | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access vi... | Not Provided | 2026-04-07 | 2026-04-10 |
| CVE-2026-38432 json | ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permi... | Not Provided | 2026-05-05 | 2026-05-08 |
| CVE-2026-38431 json | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or... | Not Provided | 2026-05-05 | 2026-05-08 |
| CVE-2026-35614 json | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. T... | Not Provided | 2026-04-07 | 2026-04-13 |