Every CVE whose affected-product data names Frappe Frappe Crm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-11461 — CVSS 8.8 (high): Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL…
CVE-2025-68928 — CVSS 5.4 (medium): Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in…