4 matches found
CVE-2026-25962
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...
CVE-2026-25962
MarkUs (web application for student submissions and grading) is vulnerable prior to version 2.9.4 due to zip extraction without size or entry-count limits. This can allow a DoS via crafted zip uploads (e.g., for configuration or submissions). The issue is patched in version 2.9.4. If exploiting, ...
CVE-2026-24900
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...
CVE-2026-25057
CVE-2026-25057 affects MarkUs prior to version 2.9.1. Instructors can upload a zip file to create an assignment from an exported configuration, and the zip entry names are used to construct paths for writing files to disk without validating those paths. This can allow arbitrary path usage during ...