Browse all 3 CVE security advisories affecting sakaiproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SakaiProject is an open-source collaboration and learning management platform used by educational institutions for course management, assignments, and academic content sharing. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and misconfigurations. The platform's security posture has been impacted by incidents such as CVE-2021-45440, which allowed unauthorized access to sensitive data, and CVE-2022-24963, enabling stored XSS attacks. These vulnerabilities highlight ongoing challenges in secure coding practices and third-party component management within academic software ecosystems.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33402 | SAK-52311: Sakai site-manage group titles can contain XSS content — sakaiCWE-79 | 5.4 | - | 2026-03-26 |
| CVE-2025-62710 | Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl — sakaiCWE-337 | 5.9 | Medium | 2025-10-22 |
| CVE-2024-47876 | Sakai: Kernel users created with type roleview can login as a normal user — sakaiCWE-285 | 8.8 | - | 2024-10-15 |
This page lists every published CVE security advisory associated with sakaiproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.