VYPR

Press

by Frappe

CVEs (6)

  • CVE-2026-41317 | High | Apr 24, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). `press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to the database and is also accessible via the GET method.…

  • CVE-2025-53545 | Medium | Jul 8, 2025
    risk 0.38 | cvss (not listed) | epss 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login due to a lack of server-side validation of it. This vulnerability is fixed in commit…

  • CVE-2026-41430 | Medium | Apr 24, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The redirect parameter on the login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue…

  • CVE-2025-59421 | Low | Sep 18, 2025
    risk 0.11 | cvss (not listed) | epss 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood a user's inbox by repeatedly sending duplicate invites. The issue is fixed in commit…

  • CVE-2024-49751 | Low | Oct 23, 2024
    risk 0.01 | cvss (not listed) | epss 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe…

  • CVE-2024-50356 | None | Oct 31, 2024
    risk 0.00 | cvss 0.0 | epss 0.00

    Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who has access to the mail inbox, circumventing the 2FA. Even though they wouldn't be able to log in by…