EUVD-2024-50760
Malicious code in bioql PyPI...
PT-2025-23848 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue allows a remote attacker to escalate privileges via the "/students/edit/id" endpoint. Recommendations: For Unifiedtransform version 2.0, as a temporary workaround, consider restricting acces...
CVE-2024-12306
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level...
PT-2025-9871 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue is related to Cross-Site Scripting (XSS) in the Create assignment function, allowing attackers to execute malicious scripts in the context of other users. Recommendations: For Unifiedtransform...
CVE-2024-53573
Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/id...
CVE-2024-12307 Function-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in Unifiedtransform
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...
CVE-2024-12306
CVE-2024-12306 concerns multiple access control vulnerabilities in Unifiedtransform, affecting version 2.0 and earlier. The issues include function-level access controls in list endpoints and object-level access controls in profile endpoints, enabling a malicious student to view personal informat...
CVE-2024-12306 Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level...
CVE-2024-12305 Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...