
cpe:2.3:a:frappe:hrms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Frappe (a51f8b94-1fb6-5e30-97d7-fbeb544c71ba)
Product: Hrms (7f709ea5-6a55-5da8-8598-0e457b00b996)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-45081 vulnerable 2026-06-03 15:25:03.557587 Frappe HR: Permission Bypass in HRMS Leave Details API
MEDIUM (6.5)
Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0.
Published: 2026-05-27T17:18:53.600Z
Updated: 2026-05-27T18:26:47.576Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-41320 vulnerable 2026-06-03 15:23:35.883485 Frappe HR has possibility of SQL Injection due to improper field sanitization
MEDIUM (6.5)
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and 14.38.1 contain a patch. No known workarounds are available.
Published: 2026-04-21T19:34:16.753Z
Updated: 2026-04-22T13:42:48.215Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-40889 vulnerable 2026-06-03 15:23:35.165813 Frappe HR has Improper Access Control on Files
MEDIUM (6.5)
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting a certain API endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available.
Published: 2026-04-21T19:32:52.106Z
Updated: 2026-04-22T13:30:10.795Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-40888 vulnerable 2026-06-03 15:23:35.163729 Frappe HR vulnerable to Improper Access Control
MEDIUM (6.5)
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with the default role can access unauthorized information by exploiting a certain API endpoint. Versions 15.58.1 and 16.4.1 contain a patch. No known workarounds are available.
Published: 2026-04-21T19:28:28.849Z
Updated: 2026-04-21T19:43:37.506Z
Imported from gcve-enriched-dumps CVE data
