Vulnerabilidades en Praskla-Technology
10 resultadosCVE-2026-25753CRITICALPlaciPy has a Hard-Coded Default Password for All Student Accounts (Account Takeover)EPSS 0.4%CVE-2026-25814CRITICALNoSQL Injection Risk via Unsanitized Query ParametersEPSS 0.3%CVE-2026-25809MEDIUMPlaciPy Code Execution Allowed Without Assessment Active State ValidationEPSS 0.3%CVE-2026-25875CRITICALPlaciPy Admin Privilege Escalation via Trusted JWT ClaimsEPSS 0.3%CVE-2026-25811MEDIUMPlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure)EPSS 0.3%CVE-2026-25813HIGHPlaciPy Exposes Sensitive Data via Application LogsEPSS 0.3%CVE-2026-25876MEDIUMPlaciPy is Missing Authorization on Assessment Results EndpointEPSS 0.2%CVE-2026-25810MEDIUMPlaciPy is Missing Object-Level Authorization in student.submission.routes.tsEPSS 0.2%CVE-2026-25806MEDIUMPlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR)EPSS 0.2%CVE-2026-25812CRITICALPlaciPy is Missing CSRF Protection on State-Changing EndpointsEPSS 0.1%