Lucene search
K

2146 matches found

Nuclei
Nuclei
added yesterday13 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS6.1AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

LearnPress < 4.2.7.4 - Course Material - Information Disclosure

LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...

5.3CVSS7AI score0.01131EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added last week13 views

CVE-2026-14772

CVE-2026-14772 affects SourceCodester Class and Exam Timetabling System 1.0/1.php. The vulnerability is a SQL injection in the edit_course1.php file, triggered by manipulating the ID parameter, indicating an unsafe query construction in that function. The issue is exploitable remotely and the pub...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/07/04 7:16 p.m.8 views

CVE-2026-14641

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS0.00416EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/04 6:30 p.m.31 views

CVE-2026-14641 SourceCodester Class and Exam Timetabling System edit_course.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS0.00416EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 6:30 p.m.10 views

EUVD-2026-41689

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5CVSS6.9AI score0.00416EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 6:30 p.m.19 views

CVE-2026-14641

SourceCodester Class and Exam Timetabling System 1.0 is affected by a SQL injection in the unknown functionality of /edit_course.php, triggered by manipulating the ID parameter. The vulnerability can be exploited remotely and has publicly disclosed exploits. The exact affected component, impact s...

7.5CVSS6.9AI score0.00416EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.15 views

PT-2026-55724

Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course.php endpoint where manipulation of the ID variable allows for remote SQL injection. SQL injection is a technique where malicious SQL...

7.5CVSS7.1AI score0.00416EPSS
Exploits0References11
CVE
CVE
added 2026/07/02 5:35 a.m.18 views

CVE-2026-5348

The CVE concerns the WordPress plugin Academy LMS (WordPress LMS Plugin for Complete eLearning Solution) up to version 3.8.1. The root cause is the REST API endpoint /topics being registered with a permission callback of __return_true, which permits unauthenticated access to course curriculum dat...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.38 views

CVE-2026-5348 Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...

5.3CVSS0.00262EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.7 views

CVE-2026-5348

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 4:32 a.m.6 views

EUVD-2026-40906

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References8
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-13566

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...

7.5CVSS0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:15 p.m.8 views

CVE-2026-13566

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...

7.5CVSS7AI score0.00263EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/29 12:15 p.m.7 views

EUVD-2026-40077

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 12:15 p.m.11 views

CVE-2026-13566

SourceCodester Class and Exam Timetabling System 1.0 contains an SQL injection in the /preview3.php script triggered by manipulating the course_year_section parameter. The issue is exploitable remotely, with a publicly available exploit. The provided documents do not specify the vulnerable hostin...

7.5CVSS7AI score0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 2:30 a.m.9 views

EUVD-2026-40024

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument courseyearsection leads to sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 2:30 a.m.18 views

CVE-2026-13527

CVE-2026-13527 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is in an unknown function within /preview4.php where manipulating the argument course_year_section enables SQL injection. The attack can be launched remotely, and the exploit has been disclosed publicly...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 2:16 a.m.9 views

CVE-2026-13521

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument courseyearsection leads to sql injection. The attack may be performed from remote...

7.5CVSS0.00269EPSS
Exploits0References6
Rows per page
Query Builder