|
1051
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.…
|
CWE-200
Information Exposure
|
CVE-2026-44206
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1052
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This iss…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44207
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1053
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This i…
|
CWE-284 CWE-285
Improper Access Control Improper Authorization
|
CVE-2026-44208
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1054
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versi…
|
CWE-862
Missing Authorization
|
CVE-2026-44975
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1055
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.
|
CWE-284
Improper Access Control
|
CVE-2026-47182
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1056
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been …
|
CWE-862
Missing Authorization
|
CVE-2026-50026
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1057
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerability in Frappe Report/List View. This issue has been patched in versions 15.107…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53568
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1058
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force.
This issue affects Related Marketing Cloud…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-5792
|
2026-06-13 01:17 |
2026-06-13 |
|
|
|
|
1059
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Vulnerability Title
|
-
|
CVE-2026-9271
|
2026-06-13 01:16 |
2026-06-12 |
|
|
|
|
1060
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrar…
|
CWE-93
CRLF Injection
|
CVE-2026-50629
|
2026-06-13 01:16 |
2026-06-12 |
|
|
|