Prasklatechnology

Placipy

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-25875

  • EPSS 0.06%
  • Veröffentlicht 09.02.2026 21:07:15
  • Zuletzt bearbeitet 11.02.2026 19:42:50

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.

9.8

CVE-2026-25814

  • EPSS 0.07%
  • Veröffentlicht 09.02.2026 21:05:50
  • Zuletzt bearbeitet 18.02.2026 20:05:44

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.

7.5

CVE-2026-25813

  • EPSS 0.05%
  • Veröffentlicht 09.02.2026 21:04:46
  • Zuletzt bearbeitet 18.02.2026 20:10:30

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction.

8.8

CVE-2026-25812

  • EPSS 0.02%
  • Veröffentlicht 09.02.2026 21:03:36
  • Zuletzt bearbeitet 18.02.2026 20:10:05

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.

9.1

CVE-2026-25811

  • EPSS 0.04%
  • Veröffentlicht 09.02.2026 21:00:38
  • Zuletzt bearbeitet 18.02.2026 20:30:48

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. ...

9.8

CVE-2026-25809

  • EPSS 0.08%
  • Veröffentlicht 09.02.2026 20:58:09
  • Zuletzt bearbeitet 11.02.2026 19:41:44

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment...

6.5

CVE-2026-25806

  • EPSS 0.04%
  • Veröffentlicht 09.02.2026 20:48:58
  • Zuletzt bearbeitet 11.02.2026 19:41:55

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforc...

9.1

CVE-2026-25810

  • EPSS 0.04%
  • Veröffentlicht 09.02.2026 20:48:54
  • Zuletzt bearbeitet 11.02.2026 19:41:33

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks).

9.1

CVE-2026-25876

  • EPSS 0.04%
  • Veröffentlicht 09.02.2026 20:48:50
  • Zuletzt bearbeitet 11.02.2026 19:41:23

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can...

9.8

CVE-2026-25753

  • EPSS 0.06%
  • Veröffentlicht 06.02.2026 19:16:10
  • Zuletzt bearbeitet 11.02.2026 19:03:15

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any a...