Excellent
Corona Norco Unified District is a primary/secondary education company based out of 1350 Valencia Rd, Corona, California, United States.
Excellent
The mission of Charlotte-Mecklenburg Schools is to create an innovative, inclusive, student-centered environment that supports the development of independent learners. The vision of Charlotte-Mecklenburg Schools is to lead the community in educational excellence, inspiring intellectual curiosity, creativity, and achievement so that all students reach their full potential. About CMS Charlotte-Mecklenburg Schools (CMS) provides academic instruction, rigor and support each school day to more than 141,000 students in kindergarten through 12th grade in 186 schools throughout the cities and towns of Mecklenburg County. CMS believes setting high standards for all students creates a greater opportunity for future success โ in our communities, within the region and across our diverse and global society. Each day, CMS students are prepared to be leaders in a technologically savvy and globally competitive world. CMS is proud of its diverse mix of students who represent 160 different countries and various cultural and ethnic backgrounds. CMS offers an extensive range of magnet programs in 38 of its schools to nurture the talents of students who have interest and ability in specific areas. CMS also educates, supports, and meets the needs of students with learning and physical disabilities. CMS is one of the largest employers in Mecklenburg County with approximately 18,000 teachers, support staff and administrators. CMS is fortunate to have tremendous support from Charlotteโs corporate, faith and business communities and more than 90,000 mentors and volunteers that support learning and instruction in CMS classrooms. The public school system in Charlotte-Mecklenburg has a rich and intricate history. Built upon the efforts of many individuals who firmly believed in the importance of education to this community, public schools in this area have had a tremendous impact on the growth and economy of the region โ as well as the thousands of individuals it has served.
Security & Compliance Standards Overview
No incidents recorded for Corona Norco Unified District in 2025.
No incidents recorded for Charlotte-Mecklenburg Schools in 2025.
Corona Norco Unified District cyber incidents detection timeline including parent company and subsidiaries
Charlotte-Mecklenburg Schools cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be enabled by the instance administrator beforehand for the attack to work as it relies on api/query.php. An account takeover is possible by sending a change password request via the XSS payload / setting UserJS for persistence / stealing the autofill password / displaying a phishing page with a spoofed URL using history.replaceState() If the victim is an administrator, the attacker can also perform administrative actions. This issue is fixed in version 1.27.0.
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong address routing or even ESMTP parameter smuggling. For successful exploitation, it is required that the user's code allows for arbitrary mail address input (i. e. through a web form or similar). If only static mail addresses are used (i. e. in a config file) and the mail addresses in use do not consist of quoted local parts, this should not affect users. This issue is fixed in version 0.7.1
