CVE-2026-25810 PlaciPy is Missing Object-Level Authorization in student.submission.routes.ts

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization ownership checks...

CVE-2026-25810

PlaciPy (educational placement system) has a vulnerability in version 1.0.0 where backend/src/routes/student.submission.routes.ts authenticates users but does not enforce object-level authorization (ownership checks). This could allow authenticated users to access or act on submissions that they ...

CVE-2026-25810 PlaciPy is Missing Object-Level Authorization in student.submission.routes.ts

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization ownership checks...

CVE-2025-64705

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed vi...

CVE-2025-64705 Frappe user was able to access the submission of other students

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed vi...

Frappe Learning 信息泄露漏洞

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. An information disclosure vulnerability exists in Frappe Learning version 2.0.0 through versions prior to 2.41.0, which stems from improper access control and could lead to viewing other students'...

CVE-2024-53258

CVE-2024-53258 affects Autolab, a course management service for auto-graded programming assignments. From v3.0.0, the existing download_all_submissions feature allows a logged-in user to download all submissions from another student, potentially leaking submissions to unauthorized users (includin...

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...