Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (4 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-25811 2 Praskla-technology, Prasklatechnology 2 Assessment-placipy, Placipy 2026-02-18 9.1 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.
CVE-2026-25813 2 Praskla-technology, Prasklatechnology 2 Assessment-placipy, Placipy 2026-02-18 7.5 High
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction.
CVE-2026-25812 2 Praskla-technology, Prasklatechnology 2 Assessment-placipy, Placipy 2026-02-18 8.8 High
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.
CVE-2026-25814 2 Praskla-technology, Prasklatechnology 2 Assessment-placipy, Placipy 2026-02-18 9.8 Critical
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.