VYPR
Vendor: Erudika

Products: 2
CVEs: 7
Across products: 7
Status: Private

Recent CVEs

  • CVE-2026-39354 | Med | Apr 7, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to…

  • CVE-2026-34832 | Med | Apr 2, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST…

  • CVE-2025-49009 | Med | Jun 5, 2025
    risk 0.33 | cvss 6.2 | epss 0.00

    Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log…

  • CVE-2025-48955 | Med | Jun 2, 2025
    risk 0.33 | cvss 6.2 | epss 0.00

    Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence…

  • CVE-2024-50334 | Oct 29, 2024
    risk 0.01 | cvss | epss 0.01

    Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data.…

  • CVE-2022-1543 | Apr 29, 2022
    risk 0.00 | cvss | epss 0.01

    Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.

  • CVE-2021-46372 | Feb 18, 2022
    risk 0.00 | cvss | epss 0.01

    Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters.