General-Purpose System Vulnerabilities
Vulnerabilities related to traditional IT systems, servers, and desktop applications.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2025-66440 | An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext/ac… | High (8.8) | 2025-12-15 | General-Purpose |
| CVE-2025-66439 | An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext.ac… | High (8.8) | 2025-12-15 | General-Purpose |
| CVE-2025-66437 | An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext throu… | High (8.8) | 2025-12-15 | General-Purpose |
| CVE-2025-66436 | An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext … | Medium (4.3) | 2025-12-15 | General-Purpose |
| CVE-2025-14038 | EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. T… | High (7.0) | 2025-12-15 | General-Purpose |