VYPR
Vendor

Schule

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2025-48375MedMay 23, 2025
    risk 0.34cvss 5.3epss 0.00

    Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This…

  • CVE-2025-48373CriMay 22, 2025
    risk 0.00cvss 9.1epss 0.00

    Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the…

  • CVE-2025-48372HigMay 22, 2025
    risk 0.00cvss 7.3epss 0.00

    Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only…