Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

RedhatCVE
RedhatCVEadded 2025/05/25 4:12 p.m.12 views

CVE-2025-48375

Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...

8.7CVSS7.2AI score0.0042EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/05/23 3:41 p.m.8 views

CVE-2025-48375 Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS

Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...

8.7CVSS6.5AI score0.0042EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2025/05/23 12:0 a.m.3 views

PT-2025-22812 · Schule · Schule

Name of the Vulnerable Software and Affected Versions: Schule versions prior to 1.0.1 Description: The issue concerns a lack of proper rate limiting controls in the file forgot password.php, which is responsible for email-based OTP generation. This allows attackers to abuse the OTP request...

8.7CVSS6.5AI score0.0042EPSS
Exploits1References4
NVD
NVDadded 2025/05/22 9:15 p.m.13 views

CVE-2025-48373

Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...

9.1CVSS0.00324EPSS
Exploits0References2
CVE
CVEadded 2025/05/22 8:39 p.m.54 views

CVE-2025-48373

Schule has a client-side RBAC bypass prior to version 1.0.1: the app trusts data.role in the browser to redirect users to panels, allowing an attacker to set data.role to values like “admin” and access restricted areas. The root cause is insecure client-side role handling. Affected: Schule open-s...

9.1CVSS6.5AI score0.00324EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2025/05/22 8:39 p.m.9 views

CVE-2025-48373 Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability

Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...

8.7CVSS6.5AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder