CVE-2026-9219 Setracker2 Children's Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the courseenrollment AJAX handler. This makes it possib...

WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability

WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Course Enrollment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...

UBUNTU-CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

Moodle 授权问题漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. An authorization issue vulnerability exists in Moodle, which stems from the fact that a student can bypass security checks a...

BIT-EJBCA-2020-28942

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates for the RA, not the end user to a limited set of allowed CAs, th...

Information disclosure

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates for the RA, not the end user to a limited set of allowed CAs, th...