Lucene search
K

7 matches found

OSV
OSV
added 2026/05/29 10:34 p.m.7 views

GHSA-H8Q5-CP56-RR65 PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Summary The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...

9.4CVSS5.8AI score0.00043EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 10:15 p.m.7 views

CVE-2026-25117

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS0.00559EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/29 9:53 p.m.4 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS5.8AI score0.00559EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/29 9:53 p.m.24 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS0.00559EPSS
Exploits0References2
OSV
OSV
added 2026/01/29 9:53 p.m.8 views

CVE-2026-25117 pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution

pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on /workspace/ routes allows challenge authors to inject arbitrary javascript which runs on the same origin as http://dojo.website. This is a sandbox...

8.3CVSS6.1AI score0.00559EPSS
Exploits0References4
CVE
CVE
added 2026/01/29 9:53 p.m.18 views

CVE-2026-25117

CVE-2026-25117 concerns pwn.college DOJO, an education platform. Before commit e33da14449a5abcff507e554f66e2141d6683b0a, sandboxing was missing on routes starting with /workspace/*, allowing a challenge author to inject arbitrary JavaScript that runs in the same origin as the DOJO site. This cons...

8.3CVSS6.1AI score0.00559EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.11 views

PT-2026-5368

Name of the Vulnerable Software and Affected Versions pwn.college DOJO versions prior to commit e33da14449a5abcff507e554f66e2141d6683b0a Description A missing sandbox implementation on routes starting with /workspace/ allows challenge authors to inject arbitrary JavaScript code. This code execute...

8.3CVSS6.1AI score0.00559EPSS
Exploits0References5
Rows per page
Query Builder