CVE-2026-2064

A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such manipulation of the argument File leads to cross site scripting. It is possible to launch the atta...

CVE-2025-65023

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

EUVD-2025-198233

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

PT-2025-47473

Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software with a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. This is due to improper handling of th...

PT-2025-47475

Name of the Vulnerable Software and Affected Versions i-Educar versions prior to 2.10.0 Description i-Educar is school management software with a flaw that allows an authenticated attacker to execute arbitrary SQL commands against the application's database. This is due to a time-based SQL...

CVE-2025-11554

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack...

EUVD-2025-26265

Malicious code in bioql PyPI...

CVE-2025-10608

CVE-2025-10608 affects Portabilis i-Educar up to 2.10. The vulnerability arises from manipulation of an unknown function in the /enrollment-history/ file, causing improper access controls. Exploitation is possible remotely, and exploit code/public information exists according to multiple sources....

CVE-2025-10607 Portabilis i-Educar diarioApi information disclosure

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used...

CVE-2025-10590

A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educarusuariodet.php. The manipulation of the argument refpessoa results in cross site scripting. The attack can be executed remotely. The exploit has been...

CVE-2025-10590 Portabilis i-Educar educar_usuario_det.php cross site scripting

A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educarusuariodet.php. The manipulation of the argument refpessoa results in cross site scripting. The attack can be executed remotely. The exploit has been...

PT-2025-38105

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue is related to cross site scripting in the file /intranet/educar calendario anotacao cad.php. Manipulation of the ...

CVE-2025-10372

A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educarmodulocad.php. This manipulation of the argument nmtipo/descricao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made...

CVE-2025-10372

CVE-2025-10372 affects Portabilis i-Educar up to version 2.10. The vulnerability is an XSS caused by manipulation of the nm_tipo/descricao argument in the file /intranet/educar_modulo_cad.php, which can be triggered remotely. Public exploit code is available. Remediation mentioned across sources ...

CVE-2025-10074 Portabilis i-Educar tipos cross site scripting

A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...

CVE-2025-10073 Portabilis i-Educar turma improper authorization

A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10072

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/IDSTUDENT/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and cou...

CVE-2025-10013

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used...

CVE-2025-10013

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used...