CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/08 7:16 p.m.•23 views

CVE-2026-42176 Scoold: Persistent Admin Takeover by Overwriting the admins Configuration Setting via Forged JWT (missing `jti` validation)

6.7CVSS0.00046EPSS

CVE•added 2026/05/08 7:16 p.m.•7 views

CVE-2026-42176

CVE-2026-42176 affects Scoold prior to version 1.67.0. A forged Bearer token can modify the admins setting via /api/config/set/admins, allowing an attacker to persist admin access after a restart by writing their email to scoold.admins. The change is loaded at startup, enabling administrator priv...

6.7CVSS5.7AI score0.00046EPSS

ATTACKERKB•added 2026/05/08 7:16 p.m.•4 views

CVE-2026-42176

6.7CVSS5.7AI score0.00046EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/08 7:16 p.m.•4 views

EUVD-2026-28818

6.7CVSS5.7AI score0.00046EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-39187

Name of the Vulnerable Software and Affected Versions Scoold versions prior to 1.67.0 Description Scoold allows the modification of the admins configuration value via the "/api/config/set/admins" endpoint using a forged Bearer token that is accepted as an admin API token. This action writes a...

6.7CVSS5.8AI score0.00046EPSS

Exploits0References5

CNNVD•added 2026/05/08 12:0 a.m.•1 views

Scoold 访问控制错误漏洞

Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.67.0 contained an access control vulnerability. This vulnerability stemmed from the ability to modify administrators’ configuration values using a forged Bearer token, potentially leading...

6.7CVSS5.8AI score0.00046EPSS

Exploits0References1

RedhatCVE•added 2026/04/09 7:23 p.m.•0 views

CVE-2026-39354

Scoold is a Q and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

EUVD•added 2026/04/07 6:54 p.m.•1 views

EUVD-2026-19863

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

ATTACKERKB•added 2026/04/07 6:54 p.m.•1 views

CVE-2026-39354

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/07 6:54 p.m.•1 views

CVE-2026-39354 Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask

CVE•added 2026/04/07 6:54 p.m.•2 views

CVE-2026-39354

CVE-2026-39354 affects Scoold prior to version 1.66.2, where an authenticated low-privilege user can overwrite another user’s question by supplying the victim question’s public ID as postId to POST /questions/ask. This enables direct integrity loss in an existing discussion thread. Root cause is ...

Exploits1References1Affected Software1

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-30976

CNNVD•added 2026/04/07 12:0 a.m.•2 views

Exploits1References2

Scoold 安全漏洞

Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.66.2 contained security vulnerabilities. These vulnerabilities were due to authorization flaws, which could allow low-privilege users to override the permissions of other users...

6.5CVSS5.8AI score0.00036EPSS

RedhatCVE•added 2026/04/03 11:2 p.m.•1 views

CVE-2026-34832

Scoold is a Q and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5CVSS5.9AI score0.00139EPSS