CVE-2026-39405 is a critical path traversal issue in Frappe Learning Management System (LMS). The advisory says a user with course editing privileges could upload a SCORM ZIP package and write files outside the intended directory. The issue is resolved in version 2.50.1.
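
As an added illustration of the class of check that prevents this kind of archive path traversal (this is not Frappe LMS code and not the actual fix in 2.50.1), the Python sketch below resolves every ZIP member against the extraction directory and rejects the whole upload if any member would land outside it. The function names, member names and sample archive are assumptions constructed for the example.

```python
import io
import os
import zipfile


class UnsafeArchiveError(ValueError):
    """Raised when a ZIP member would land outside the extraction directory."""


def unsafe_members(zf: zipfile.ZipFile, dest_dir: str) -> list[str]:
    """Return member names whose resolved target escapes dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in zf.infolist():
        # ZIP names use "/" but some tools emit "\\"; normalise before joining.
        name = info.filename.replace("\\", "/")
        target = os.path.realpath(os.path.join(root, name))
        # os.path.join discards root when name is absolute, so this one check
        # covers "../" sequences and absolute paths alike.
        if os.path.commonpath([root, target]) != root:
            bad.append(info.filename)
    return bad


def safe_extract(data: bytes, dest_dir: str) -> list[str]:
    """Extract only if every member stays inside dest_dir; return names written."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = unsafe_members(zf, dest_dir)
        if bad:
            # Reject the whole package instead of silently rewriting names,
            # so the upload fails visibly and can be logged.
            raise UnsafeArchiveError(f"rejected members: {bad}")
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample(names: list[str]) -> bytes:
    """Constructed sample archive for the demo (not a real SCORM package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "constructed sample content")
    return buf.getvalue()
```

The same validation applies to any code path that builds output paths from member names by hand, which is where this class of bug typically appears.
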
CVE-2026-39352 is a high-severity path traversal issue in Frappe that can lead to arbitrary file read. According to the published advisory material, versions prior to 15.105.0 and 16.15.0 are affected, and the issue is resolved in 15.105.0 and 16.15.0. Because the weakness is classified as CWE-22 and the CVSS score is 8.7, this should be treated as a priority patching item for any exposed or internally re [truncated]