Excellent
Corona Norco Unified District is a primary/secondary education company based out of 1350 Valencia Rd, Corona, California, United States.
Excellent
Fairfax County Public Schools (FCPS), located in Northern Virginia, is the nationโs 9th largest public school system, serves a diverse population of more than 180,000 students in grades prekindergarten through 12. Fairfax County high schools are recognized annually by the Washington Post as being among the most challenging high schools in the U.S. FCPS is the third largest employer in Virginia, with 24,600 full-time staff positions. Outstanding benefits including medical insurance, dental insurance, retirement plans, life insurance, flexible spending accounts, sick and personal leave, disability programs, and long-term care insurance are available for eligible employees. Staff development and training is available through academy classes, in-service training, and masterโs degree cohort programs. Full-time technology support teachers are in each school; additionally, an on-line resource for FCPS students to extend learning beyond the traditional day is accessible through the 24-7 Learning System. โGreat Beginningsโ provides mentoring to all teachers new to the county, and โSavings for Staffโ incentives help to make your relocation an easy one.
Security & Compliance Standards Overview
No incidents recorded for Corona Norco Unified District in 2025.
No incidents recorded for Fairfax County Public Schools in 2025.
Corona Norco Unified District cyber incidents detection timeline including parent company and subsidiaries
Fairfax County Public Schools cyber incidents detection timeline including parent company and subsidiaries
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be enabled by the instance administrator beforehand for the attack to work as it relies on api/query.php. An account takeover is possible by sending a change password request via the XSS payload / setting UserJS for persistence / stealing the autofill password / displaying a phishing page with a spoofed URL using history.replaceState() If the victim is an administrator, the attacker can also perform administrative actions. This issue is fixed in version 1.27.0.
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong address routing or even ESMTP parameter smuggling. For successful exploitation, it is required that the user's code allows for arbitrary mail address input (i. e. through a web form or similar). If only static mail addresses are used (i. e. in a config file) and the mail addresses in use do not consist of quoted local parts, this should not affect users. This issue is fixed in version 0.7.1
