Prasklatechnology CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25875	2 Praskla-technology, Prasklatechnology	2 Assessment-placipy, Placipy	2026-02-11	9.8 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.
CVE-2026-25806	2 Praskla-technology, Prasklatechnology	2 Assessment-placipy, Placipy	2026-02-11	6.5 Medium
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do not enforce authorization. The application does not verify whether the authenticated user owns the student record being accessed, has an administrative / staff role, or is permitted to modify or delete the target student.
CVE-2026-25809	2 Praskla-technology, Prasklatechnology	2 Assessment-placipy, Placipy	2026-02-11	9.8 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open.
CVE-2026-25810	2 Praskla-technology, Prasklatechnology	2 Assessment-placipy, Placipy	2026-02-11	9.1 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks).
CVE-2026-25876	2 Praskla-technology, Prasklatechnology	2 Assessment-placipy, Placipy	2026-02-11	9.1 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all results for an assessment.
CVE-2026-25753	2 Praskla-technology, Prasklatechnology	2 Assessment-placipy, Placipy	2026-02-11	9.8 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any student once the password is known.

Page 1 of 1.