Pwncollege
Products (2)
- 10 CVEs
- 4 CVEs
Recent CVEs (14)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62376 | | Cri | 0.62 | — | 0.01 | | Oct 14, 2025 | pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper… |
| CVE-2026-25117 | | Hig | 0.54 | — | 0.01 | | Jan 29, 2026 | pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same origin as… |
| CVE-2025-24886 | | Hig | 0.50 | 7.7 | 0.00 | | Jan 30, 2025 | pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates… |
| CVE-2025-24885 | | Hig | 0.49 | 7.6 | 0.00 | | Jan 30, 2025 | pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS. |
| CVE-2024-55652 | | Med | 0.35 | 6.5 | 0.01 | | Dec 12, 2024 | PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can… |
| CVE-2022-45771 | | | 0.02 | — | 0.02 | | Dec 5, 2022 | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. |
| CVE-2025-27413 | | | 0.00 | — | 0.01 | | Feb 28, 2025 | PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (`../`) sequences. This is problematic for the template update functionality as it… |
| CVE-2025-27410 | | | 0.00 | — | 0.02 | | Feb 28, 2025 | PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included `.js`… |
| CVE-2025-23044 | | | 0.00 | — | 0.00 | | Jan 20, 2025 | PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies.… |
| CVE-2024-55653 | | | 0.00 | — | 0.01 | | Dec 10, 2024 | PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id… |
| CVE-2024-55602 | | | 0.00 | — | 0.01 | | Dec 10, 2024 | PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the… |
| CVE-2022-44023 | | | 0.00 | — | 0.01 | | Oct 29, 2022 | PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. |
| CVE-2022-44022 | | | 0.00 | — | 0.01 | | Oct 29, 2022 | PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. |
| CVE-2021-31590 | | | 0.00 | — | 0.03 | | Jul 19, 2021 | PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used for authentication and authorization, a user can keep his admin privileges even if he is downgraded to the "user"… |