79 matches found
CVE-2026-25875 PlaciPy Admin Privilege Escalation via Trusted JWT Claims
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...
CVE-2026-25875 PlaciPy Admin Privilege Escalation via Trusted JWT Claims
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims role and scope without enforcing server-side role verification...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2026-25814
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2026-25814
PlaciPy (educational placement system) 1.0.0 is affected by a NoSQL injection risk: user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization. This vulnerability enables tampering with queries, potentially compromising confiden...
CVE-2026-25814 NoSQL Injection Risk via Unsanitized Query Parameters
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization...
CVE-2026-25813
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813
PlaciPy (educational placement system) – Affects version 1.0.0, where sensitive data is logged to console output unmasked. Root cause: logging of highly sensitive data without redaction. Impact: potential exposure of confidential information via console/log streams, with CVSS 4.0/AV:N/AC:L/PR:N/U...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25813 PlaciPy Exposes Sensitive Data via Application Logs
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction...
CVE-2026-25812
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...
CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...
CVE-2026-25812
PlaciPy (version 1.0.0) exposes credentialed CORS and lacks CSRF protection on state-changing endpoints. The connected sources confirm this core issue but do not supply a remediation, exploit details, or vendor-specific mitigations. Practical impact: potential CSRF-style abuse where authenticated...
CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...
CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...
CVE-2026-25811 PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...
CVE-2026-25811 PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...
CVE-2026-25811
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...