Daycloud: community verdicts
5 notable / known-exploited Daycloud CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Daycloud CVE, see NVD ↗.
- CVE-2025-50585HIGH 8.8Real · low riskEPSS 0%
StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl.
- CVE-2025-50584MED 4.8EPSS 0%
StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module.
- CVE-2025-50582MED 4.8EPSS 0%
StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module.
- CVE-2025-50583MED 4.8EPSS 0%
StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module.
- CVE-2025-50586MED 6.5EPSS 0%
StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).