Lucene search
+L

9 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-50520

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00469EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 10:32 a.m.11 views

CVE-2024-52584

Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs hav...

7.1CVSS6.9AI score0.00247EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 8:26 a.m.17 views

CVE-2024-49376

Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their...

8.8CVSS6.8AI score0.00454EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:13 a.m.11 views

CVE-2024-53260

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS6.9AI score0.00462EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 11:40 p.m.11 views

CVE-2022-41955

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...

8.8CVSS7.8AI score0.01495EPSS
Exploits0References1
osv
osv
added 2024/11/27 9:28 p.m.19 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS6.8AI score0.00462EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/18 8:43 p.m.37 views

CVE-2024-52584 Autolab has vulnerable submission endpoints

Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs hav...

7.1CVSS0.00247EPSS
Exploits0References2
cve
cve
added 2023/05/26 10:42 p.m.41 views

CVE-2023-32317

Autolab’s CVE-2023-32317 describes a tar-slip vulnerability in the MOSS cheat checker. An authenticated instructor can upload a crafted tar file via either the Base File Tar or Additional file archive inputs, causing expansion of archive contents to attacker-controlled paths (e.g., ../../../../tm...

7.2CVSS6.7AI score0.00887EPSS
Exploits0References3Affected Software1
cnvd
cnvd
added 2023/01/17 12:0 a.m.26 views

Autolab path traversal vulnerability

Autolab is a course management service. Autolab supports automatic grading of programming assignments. a path traversal vulnerability exists in Autolab. An attacker could exploit this vulnerability to view the contents of a file...

6.5CVSS4.6AI score0.01768EPSS
Exploits0References1
Rows per page
Query Builder