CVE-2025-52895 – Frappe SQL Injection Vulnerability

June 30, 2025

CVE ID : CVE-2025-52895

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain access to sensitive information. This issue has been patched in versions 14.94.3 and 15.58.0. There are no workarounds for this issue other than upgrading.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52896 – Frappe Cross-Site Scripting (XSS) via Data Import Vulnerability

Next Article CVE-2025-45143 – Apache String-Math Regex Denial of Service

Highlights

CVE-2025-6252 – “Qi Addons For Elementor Stored Cross-Site Scripting Vulnerability”

June 28, 2025

CVE ID : CVE-2025-6252

Published : June 28, 2025, 5:15 a.m. | 1 hour, 8 minutes ago

Description : The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Never Stop Exploring (July 2025 Wallpapers Edition)

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

I never thought I’d praise a kickstand power bank – until I tried this one

I replaced my work PC with this Alienware laptop – now I’m wondering why I hadn’t done this sooner

How to set up Alexa to receive notifications on Prime Day deals you want

How proxy servers actually work, and why they’re so valuable

What’s the difference between named functions and arrow functions in JavaScript?

What’s the difference between named functions and arrow functions in JavaScript?

Spring Boot + Swagger: A Complete Guide to API Documentation

Wire Room Math: AI + SME = (Less Compensation Paid) X (Headline Risk + Payment Errors)^2

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Orange Pi R2S Single Board Computer Running Linux: Introduction

vmstat – reports virtual memory statistics

CVE-2025-52895 – Frappe SQL Injection Vulnerability

CVE-2023-47310 – MikroTik RouterOS IPv6 UDP Traceroute Information Disclosure

CVE-2024-53621 – Tenda AC1206 Buffer Overflow Vulnerability

CVE-2025-3803 – Tenda W12 and i24 Stack-Based Buffer Overflow Vulnerability

Windows exploitation in 2014

No Patch, Full Exploit: CVSS 9.9 RCE & IDOR Flaws in InnoShop eCommerce Platform

CVE-2025-45997 – Sourcecodester Web-based Pharmacy Product Management System File Upload Vulnerability

CVE-2025-6252 – “Qi Addons For Elementor Stored Cross-Site Scripting Vulnerability”

Perfection is a Myth. Leverage Isn’t: How Small Teams Can Secure Their Google Workspace

PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party

Arriva Slimbook Kymera Black: il nuovo desktop GNU/Linux per giocatori e creatori

CVE-2025-52895 – Frappe SQL Injection Vulnerability

Related Posts