100 matches found
CVE-2026-25812
PlaciPy (version 1.0.0) exposes credentialed CORS and lacks CSRF protection on state-changing endpoints. The connected sources confirm this core issue but do not supply a remediation, exploit details, or vendor-specific mitigations. Practical impact: potential CSRF-style abuse where authenticated...
CVE-2026-25810
PlaciPy (educational placement system) has a vulnerability in version 1.0.0 where backend/src/routes/student.submission.routes.ts authenticates users but does not enforce object-level authorization (ownership checks). This could allow authenticated users to access or act on submissions that they ...
CVE-2026-25753
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
CVE-2026-25753
PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, Attackerkb), states that any attacker who know...
CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...
EUVD-2024-48372
Malicious code in bioql PyPI...
EUVD-2024-48371
Malicious code in bioql PyPI...
EUVD-2024-48374
Malicious code in bioql PyPI...
EUVD-2025-12586
Malicious code in bioql PyPI...
EUVD-2024-44592
Malicious code in bioql PyPI...
CVE-2024-7452
A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file viewcompany.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-7451
A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file applynow.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has bee...
CVE-2024-7450
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resumeupload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted...
CVE-2024-46300
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting XSS via the Full Name field in registration.php...
CVE-2025-4726
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /viewstudent.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-4724
A vulnerability, which was classified as critical, has been found in itsourcecode Placement Management System 1.0. Affected by this issue is some unknown functionality of the file /studentprofile.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely...
CVE-2025-4726
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /viewstudent.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-4726 itsourcecode Placement Management System view_student.php sql injection
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /viewstudent.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-4726
The CVE-2025-4726 entry concerns itsourcecode Placement Management System 1.0. A vulnerable component is the file /view_student.php, where manipulating the ID parameter enables SQL injection. The underlying issue is improper handling of the ID input, allowing a remote attacker to potentially acce...