Skip to main content

Hrms

3 CVEs product

Monthly

CVE-2026-41320 MEDIUM PATCH This Month

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and 14.38.1 contain a patch. No known workarounds are available.

SQLi Hrms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40889 MEDIUM PATCH This Month

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.

Authentication Bypass Hrms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40888 MEDIUM PATCH This Month

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are available.

Authentication Bypass Hrms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and 14.38.1 contain a patch. No known workarounds are available.

SQLi Hrms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.

Authentication Bypass Hrms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting certain api endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are available.

Authentication Bypass Hrms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy