PlaciPy
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25814 | 0.00 | — | 0.00 | Feb 9, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization. | |||
| CVE-2026-25813 | 0.00 | — | 0.00 | Feb 9, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction. | |||
| CVE-2026-25812 | 0.00 | — | 0.00 | Feb 9, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism. | |||
| CVE-2026-25811 | 0.00 | — | 0.00 | Feb 9, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data… | |||
| CVE-2026-25806 | 0.00 | — | 0.00 | Feb 9, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using… | |||
| CVE-2026-25876 | 0.00 | — | 0.00 | Feb 9, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all… | |||
| CVE-2026-25753 | 0.00 | — | 0.00 | Feb 6, 2026 | PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any… |
- CVE-2026-25814Feb 9, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.
- CVE-2026-25813Feb 9, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction.
- CVE-2026-25812Feb 9, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.
- CVE-2026-25811Feb 9, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data…
- CVE-2026-25806Feb 9, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using…
- CVE-2026-25876Feb 9, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all…
- CVE-2026-25753Feb 6, 2026risk 0.00cvss —epss 0.00
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application uses a hard-coded, static default password for all newly created student accounts. This results in mass account takeover, allowing any attacker to log in as any…