CVE-2026-5670

A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function moveuploadedfile of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. Th...

CVE-2026-25962

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

EUVD-2026-9967

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

PT-2026-23627

Name of the Vulnerable Software and Affected Versions MarkUs versions prior to 2.9.4 Description MarkUs is a web application used for submitting and grading student assignments. Before version 2.9.4, the application extracted zip files without limitations on file size or the number of entries...

CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/assignmentid/tasks/taskid/subfile of the component Student Assignment Submission Handler. This manipulation causes improper...

CVE-2025-12270

CVE-2025-12270 affects LearnHouse, impacting the Student Assignment Submission Handler. The vulnerability resides in an unknown function within /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file, causing improper control of resource identifiers. Exploitation can be performed remotely; m...

EUVD-2025-36164

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/assignmentid/tasks/taskid/subfile of the component Student Assignment Submission Handler. This manipulation causes improper...

PT-2025-43939

Name of the Vulnerable Software and Affected Versions LearnHouse affected versions not specified Description A flaw exists that results in improper control of resource identifiers. This issue is located within the Student Assignment Submission Handler component, specifically affecting an unknown...

EUVD-2012-2355

Malware in sbrugna...

EUVD-2022-2854

Malicious code in bioql PyPI...

EUVD-2022-5817

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-2578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 3.x, there is XSS in the assignment submission page. CVE-2017-2578 Note that Nessus relies on the presence of the package as reported by the vendor...

SUSE CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page...

Moodle Cross-site Scripting in assignment submission page

In Moodle 3.x, there is Cross-site Scripting in the assignment submission page...

GHSA-6R76-F8C8-FH7P Moodle Cross-site Scripting in assignment submission page

In Moodle 3.x, there is Cross-site Scripting in the assignment submission page...

GHSA-XJX9-7C29-PWMM Moodle Improper Privilege Management

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...

Moodle Stored HTML in assignment submission comments allowed links to be opened directly

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...

Improper File Deletion

Description A student uploaded a file when submitting an assignment. Then, if a teacher deletes that assignment, the attachment is still remained on the server and if anyone has the link to that file, he can access to it to view or download it. Steps to reproduce Login to the demo environment by...

CVE-2019-3850

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly in the same window. Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more...