Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.11 views

CVE-2026-25876

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

9.1CVSS5.5AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 9:15 p.m.8 views

CVE-2026-25876

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

9.1CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:48 p.m.4 views

CVE-2026-25876

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/09 8:48 p.m.30 views

CVE-2026-25876 PlaciPy is Missing Authorization on Assessment Results Endpoint

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/09 8:48 p.m.6 views

CVE-2026-25876 PlaciPy is Missing Authorization on Assessment Results Endpoint

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 8:48 p.m.5 views

CVE-2026-25876 PlaciPy is Missing Authorization on Assessment Results Endpoint

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/02/09 8:48 p.m.15 views

CVE-2026-25876

Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

9.1CVSS5.5AI score0.00246EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7162

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.9 views

Lunary 安全漏洞

Lunary is a production toolkit for LLM open source by lunary. A security vulnerability exists in Lunary that stems from the lack of item ID validation in SQL queries, which is prone to authentication issues and allows unauthorized users to retrieve assessment results from any organization simply ...

7.5CVSS8.2AI score0.0055EPSS
Exploits1References4
Rows per page
Query Builder