Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.6 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.8CVSS5.4AI score0.00356EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 7:16 p.m.8 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.8CVSS0.00356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 6:57 p.m.5 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.5AI score0.00356EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 6:57 p.m.6 views

CVE-2026-25753

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.4AI score0.00356EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/02/06 6:57 p.m.4 views

EUVD-2026-5623

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.4AI score0.00356EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 6:57 p.m.17 views

CVE-2026-25753

PlaciPy (educational placement system) v1.0.0 has a hard-coded, static default password for all newly created student accounts, enabling mass account takeover. The vulnerability, described across multiple sources (NVD, Red Hat, CVE lists, OSV, ENISA, Attackerkb), states that any attacker who know...

9.8CVSS5.4AI score0.00356EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/06 6:57 p.m.6 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS5.4AI score0.00356EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 6:57 p.m.32 views

CVE-2026-25753 PlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the...

9.3CVSS0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

PlaciPy 安全漏洞

PlaciPy is an open-source employment management system developed by Praskla Technology. It aims to simplify the employment processes for students, trainers, and administrators in educational institutions. Version 1.0.0 of PlaciPy contains a security vulnerability. This vulnerability stems from th...

9.8CVSS5.8AI score0.00356EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.7 views

PT-2026-6779

Name of the Vulnerable Software and Affected Versions PlaciPy version 1.0.0 Description PlaciPy, a placement management system for educational institutions, uses a hard-coded, static default password for all newly created student accounts in version 1.0.0. This allows for mass account takeover,...

9.8CVSS5.4AI score0.00356EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/01 2:16 p.m.4 views

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...

9.1CVSS7.1AI score0.00428EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/26 9:31 p.m.4 views

EUVD-2025-199746

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...

6.6AI score0.00428EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.11 views

PT-2025-48177

Name of the Vulnerable Software and Affected Versions classroomio version 0.1.13 Description Student accounts can delete courses from the Explore page without proper authorization or authentication. This bypasses the restriction that course deletion should only be possible for administrators. The...

9.1CVSS6.5AI score0.00428EPSS
Exploits1References8
CVE
CVE
added 2025/11/26 12:0 a.m.21 views

CVE-2025-65669

Summary: CVE-2025-65669 affects classroomio 0.1.13, where student accounts can delete courses from the Explore page without authorization, bypassing admin-only checks. Root cause (as described): missing authorization checks in the delete path. Impact: potential unauthorized course deletion with h...

9.1CVSS6.8AI score0.00428EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.4 views

CVE-2023-1480

A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection...

9.8CVSS8.1AI score0.00738EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/18 7:52 p.m.21 views

CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...

7.1CVSS7.9AI score0.00696EPSS
Exploits0References2
Veracode
Veracode
added 2017/07/27 5:38 a.m.22 views

Privilege Escalation

Moodle is vulnerable to privilege escalations. On big installations, when the sync script was run it would improperly assign a manager role to suspended student accounts, granting these accounts the same access rights as a manager role...

6.8CVSS7.1AI score0.01567EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder