CVE-2026-32954 | Frappe ERPNext up to 15.99.x/16.7.x sql injection (GHSA-j669-ghv2-gmqg)

March 20, 2026 Yanac

A vulnerability classified as critical was found in Frappe ERPNext up to 15.99.x/16.7.x. This affects an unknown part. Such manipulation leads to sql injection.

This vulnerability is listed as CVE-2026-32954. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More

CVE-2026-32945 | pjsip pjproject up to 2.16 DNS Parser heap-based overflow (GHSA-jr2p-p2w4-rr9q)
CVE-2026-32941 | BishopFox Sliver up to 1.7.3 allocation of resources (GHSA-97vp-pwqj-46qc)