Filtered by vendor Erudika
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48955 | 1 Erudika | 1 Para | 2025-06-24 | 6.2 Medium |
| Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue. | ||||
| CVE-2025-49009 | 1 Erudika | 1 Para | 2025-06-20 | 6.2 Medium |
| Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue. | ||||
| CVE-2022-1848 | 1 Erudika | 1 Para | 2024-11-21 | 5.3 Medium |
| Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | ||||
| CVE-2022-1782 | 1 Erudika | 1 Para | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11. | ||||
| CVE-2022-1543 | 1 Erudika | 1 Scoold | 2024-11-21 | 8.8 High |
| Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | ||||
| CVE-2021-46372 | 1 Erudika | 1 Scoold | 2024-11-21 | 5.4 Medium |
| Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters. | ||||
| CVE-2024-50334 | 1 Erudika | 1 Scoold | 2024-11-08 | 5.3 Medium |
| Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false. | ||||
Page 1 of 1.