Browse all 8 CVE security advisories affecting MarkUsProject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25962 | MarkUs: Zip bomb in config upload enables DoS — MarkusCWE-409 | 6.5 | Medium | 2026-03-06 |
| CVE-2026-27807 | MarkUs: YAML alias (‘billion laughs’) DoS in config upload — MarkusCWE-776 | 4.9 | Medium | 2026-03-06 |
| CVE-2026-28405 | MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions — MarkusCWE-79 | 8.0 | High | 2026-03-05 |
| CVE-2026-25057 | Zip Slip in MarkUs config upload allowing RCE — MarkusCWE-23 | 9.1 | Critical | 2026-02-09 |
| CVE-2026-24900 | MarkUs has a submission-view IDOR exposes all student submissions — MarkusCWE-639 | 6.5 | Medium | 2026-02-09 |
| CVE-2024-51743 | Arbitrary File Write leading up to remote code execution (instructor accounts) — MarkusCWE-434 | 8.8AI | HighAI | 2024-11-18 |
| CVE-2024-51499 | MarkUs Arbitrary File Write leading up to remote code execution (student accounts) — MarkusCWE-434 | 8.8AI | HighAI | 2024-11-18 |
| CVE-2024-47820 | MarkUs vulnerable to Path Traversal — MarkusCWE-22 | 5.7 | Medium | 2024-11-18 |
This page lists every published CVE security advisory associated with MarkUsProject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.