| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39354 | Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask | Erudika | scoold | Medium | 6.5 | 2026-04-07 18:54:36 | Deep Dive |
| CVE-2026-34832 | Scoold: Cross-Account Feedback Deletion (IDOR) | Erudika | scoold | Medium | 6.5 | 2026-04-02 19:08:03 | Deep Dive |
| CVE-2025-49009 | Para Inserts Sensitive Information into Log File for Facebook authentication | Erudika | para | Medium | 6.2 | 2025-06-05 16:40:28 | Deep Dive |
| CVE-2025-48955 | Para Server Logs Sensitive Information | Erudika | para | Medium | 6.2 | 2025-06-02 11:11:23 | Deep Dive |
| CVE-2024-50334 | Semicolon Path Injection on API /api;/config | Erudika | scoold | - | - | 2024-10-29 14:36:13 | Deep Dive |
| CVE-2022-1848 | Business Logic Errors in erudika/para | erudika | erudika/para | 中危 | - | 2022-05-24 10:40:09 | Deep Dive |
| CVE-2022-1782 | Cross-site Scripting (XSS) - Generic in erudika/para | erudika | erudika/para | 中危 | - | 2022-05-18 09:00:14 | Deep Dive |
| CVE-2022-1543 | Improper handling of Length parameter in erudika/scoold | erudika | erudika/scoold | 高危 | - | 2022-04-29 18:10:09 | Deep Dive |