Security Intel Hub 54+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Filter

KEV only

Verified PoC

Clear filters

High

Stored XSS via Profile File Upload: Malicious Script Execution

github.com · 2026-02-07

## Stored Cross-Site Scripting (XSS) via Profile File Upload ### Summary An attacker can upload a malicious file containing embedded JavaScript that is executed when the file is accessed directly. Thi…

Critical

i-Educar Final Status Import BFLA Vulnerability Analysis

github.com · 2026-02-06

i-Educar Final Status Import tool

High

i-Educar BFLA Vulnerability: Cross-School Student Record Modification via Import Tool

github.com · 2026-02-06

i-Educar (Final Status Import Tool)

High

i-educar agenda.php Post-Auth SQL Injection Vulnerability Analysis

github.com · 2025-11-20

i-educar <= 2.10.0

High

i-educar CVE-2025-65023 Authenticated SQL Injection

CVE-2025-65023 · github.com · 2025-11-20

i-educar <=2.10.0

High

i-educar intranet SQL Injection Vulnerability (CVE-2025-65024) Analysis

CVE-2025-65024 · github.com · 2025-11-20

i-educar <= 2.10.0

High

I-Educar Broken Access Control Vulnerability (CVE-2025-11050)

CVE-2025-11050 · github.com · 2025-09-28

i-educar

High

I-Educar /unificacao-aluno Broken Access Control Vulnerability (CVE-2025-11049)

CVE-2025-11049 · github.com · 2025-09-28

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - A broken access control vulnerability was identified in the `/unificacao-aluno` endpoint. - This vu…

High

i-Educador /consulta-dispensas Broken Access Control Vulnerability (CVE-2025-11048)

CVE-2025-11048 · github.com · 2025-09-28

i-educar

High

i-Educar BOLA Vulnerability (CVE-2025-10607): Unauthorized Access to Academic Data

CVE-2025-10607 · github.com · 2025-09-19

i-Educar

Medium

i-Educator Reflected XSS Vulnerability (CVE-2025-10605)

CVE-2025-10605 · github.com · 2025-09-19

### Key Information #### Vulnerability Type - Reflected Cross-Site Scripting (XSS) #### Vulnerability Description - A reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tipoacao…

High

I-Educar Broken Access Control Vulnerability (CVE-2025-10608)

CVE-2025-10608 · github.com · 2025-09-19

I-Educar

Medium

Educar Reflected XSS Vulnerability (CVE-2025-10099) with PoC

CVE-2025-10099 · github.com · 2025-09-10

i-educar

High

I-Educar Broken Access Control Vulnerability (CVE-2023-10070)

CVE-2025-10070 · github.com · 2025-09-10

i-educar

Medium

I-Educar Broken Access Control in Batch Cancellation Endpoint (CVE-2025-10071)

CVE-2025-10071 · github.com · 2025-09-10

i-educar

Medium

I-Educator BOLA Vulnerability (CVE-2025-10073) with PoC

CVE-2025-10073 · github.com · 2025-09-09

i-educar

Unknown

i-Educar Stored XSS Vulnerability (CVE-2025-10074) with PoC

CVE-2025-10074 · github.com · 2025-09-09

### Key Information #### Vulnerability Type - **Cross-Site Scripting (XSS) Stored** #### Affected Endpoint - `/usuarios/tipos/(ID)` #### Parameters - "Tipos de Usuário" - "Descrição" #### Vulnerabilit…

High

i-Educar Broken Access Control in /exportacao-para-o-seb (CVE-2025-10013)

CVE-2025-10013 · github.com · 2025-09-07

### Key Information #### Vulnerability Type - Broken Access Control #### Vulnerability Description - A broken access control vulnerability was discovered in the /exportacao-para-o-seb endpoint of the …

High

I-Educar BFLA Vulnerability (CVE-2025-9760): Low-Privilege User Can Delete Student Registration Records

CVE-2025-9760 · github.com · 2025-09-02

I-Educar

Medium

Multiple Stored XSS Vulnerability Disclosure by Karina Gente

github.com · 2025-09-01

i-educar

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.

Goal Reached Thanks to every supporter — we hit 100%!

Security Intel Hub 54+