
112 matches found

RedhatCVE
added 2026/02/11 1:33 a.m. | 4 views

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...

CVSS 9.8 | AI score 5.4 | EPSS 0.00069
Exploits: 0 | References: 1

NVD
added 2026/02/09 10:16 p.m. | 2 views

CVE-2026-25812

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | EPSS 0.00027
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/09 9:4 p.m. | 4 views

CVE-2026-25813

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...

CVSS 8.7 | AI score 5.5 | EPSS 0.00051
Exploits: 0 | References: 2

CVE
added 2026/02/09 9:3 p.m. | 7 views

CVE-2026-25812

PlaciPy (version 1.0.0) exposes credentialed CORS and lacks CSRF protection on state-changing endpoints. The connected sources confirm this core issue but do not supply a remediation, exploit details, or vendor-specific mitigations. Practical impact: potential CSRF-style abuse where authenticated...

CVSS 9.3 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/09 8:48 p.m. | 10 views

CVE-2026-25810

PlaciPy (educational placement system) has a vulnerability in version 1.0.0 where backend/src/routes/student.submission.routes.ts authenticates users but does not enforce object-level authorization (ownership checks). This could allow authenticated users to access or act on submissions that they ...

CVSS 9.1 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/09 8:48 p.m. | 3 views

CVE-2026-25876 PlaciPy is Missing Authorization on Assessment Results Endpoint

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verifies authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

CVSS 5.3 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/09 12:0 a.m. | 3 views

PT-2026-7159

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction...

CVSS 8.7 | AI score 5.5 | EPSS 0.00051
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/09 12:0 a.m. | 3 views

PT-2026-7156

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verifies authentication but fails to enforce object-level authorization ownership checks...

CVSS 5.3 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 2

NVD
added 2026/02/06 7:16 p.m. | 6 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

CVSS 9.8 | EPSS 0.00029
Exploits: 0 | References: 1

CVE
added 2026/02/06 6:57 p.m. | 7 views

CVE-2026-25753

PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, AttackerKB), states that any attacker who know...

CVSS 9.8 | AI score 5.4 | EPSS 0.00029
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/02/06 6:57 p.m. | 5 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

CVSS 9.3 | AI score 5.4 | EPSS 0.00029
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/06 6:57 p.m. | 3 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

CVSS 9.3 | AI score 5.5 | EPSS 0.00029
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-44592

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.0014
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-12586

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00057
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-48371

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00068
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-48372

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00158
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-48374

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00106
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 10:21 a.m. | 3 views

CVE-2024-7452

A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file viewcompany.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 | AI score 7.4 | EPSS 0.00106
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:21 a.m. | 5 views

CVE-2024-7451

A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file applynow.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has bee...

CVSS 9.8 | AI score 7.4 | EPSS 0.00106
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 10:21 a.m. | 3 views

CVE-2024-7450

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resumeupload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted...

CVSS 8.8 | AI score 7 | EPSS 0.00158
Exploits: 1 | References: 1