CVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
PT-2025-3401 · Moss · Moss
Name of the Vulnerable Software and Affected Versions: Moss version v0.1.3
Description: The issue is related to an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. This vulnerability can be exploited by injecting malicious input int...