VYPR

Dojo

by Pwncollege

Source repositories

CVEs (4)

  • CVE-2025-62376CriOct 14, 2025
    risk 0.62cvss epss 0.01

    pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper…

  • CVE-2026-25117HigJan 29, 2026
    risk 0.54cvss epss 0.01

    pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as…

  • CVE-2025-24886HigJan 30, 2025
    risk 0.50cvss 7.7epss 0.00

    pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates…

  • CVE-2025-24885HigJan 30, 2025
    risk 0.49cvss 7.6epss 0.00

    pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.