|
581
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.
|
CWE-284
Improper Access Control
|
CVE-2026-44976
|
2026-06-13 01:20 |
2026-06-13 |
|
582
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.…
|
CWE-200
Information Exposure
|
CVE-2026-44206
|
2026-06-13 01:17 |
2026-06-13 |
|
583
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This iss…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44207
|
2026-06-13 01:17 |
2026-06-13 |
|
584
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This i…
|
CWE-284 CWE-285
Improper Access Control Improper Authorization
|
CVE-2026-44208
|
2026-06-13 01:17 |
2026-06-13 |
|
585
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versi…
|
CWE-862
Missing Authorization
|
CVE-2026-44975
|
2026-06-13 01:17 |
2026-06-13 |
|
586
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.
|
CWE-284
Improper Access Control
|
CVE-2026-47182
|
2026-06-13 01:17 |
2026-06-13 |
|
587
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been …
|
CWE-862
Missing Authorization
|
CVE-2026-50026
|
2026-06-13 01:17 |
2026-06-13 |
|
588
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerability in Frappe Report/List View. This issue has been patched in versions 15.107…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53568
|
2026-06-13 01:17 |
2026-06-13 |
|
589
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force.
This issue affects Related Marketing Cloud…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-5792
|
2026-06-13 01:17 |
2026-06-13 |
|
590
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Vulnerability Title
|
-
|
CVE-2026-9271
|
2026-06-13 01:16 |
2026-06-12 |