cbcvebase.
CVE-2026-25811
published 2026-02-09

CVE-2026-25811: PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from…

PriorityP353critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.27%
18.4th percentile
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.

Affected

2 ranges
VendorProductVersion rangeFixed in
praskla-technologyassessment-placipy
prasklatechnologyplacipy

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.