CVE-2026-25811

Medium CVSS: 5.3

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Vendor

Prasklatechnology

Product

Placipy

CWE

CWE-863

Yayın Tarihi

2026-02-09 22:16:02

Güncelleme

2026-02-18 20:30:48

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Placipy MEDIUM Prasklatechnology 2026

Referanslar

https://github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA-3gmm-9ww2-87fh

Benzer Kayıtlar

Critical

CVE-2026-25814

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query…

Critical

CVE-2026-25875

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorizatio…

Critical

CVE-2026-25812

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enable…

High

CVE-2026-25813

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs h…

Medium

CVE-2026-25810

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes…

Medium

CVE-2026-25876

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes…