Lucene search
K

3644 matches found

CVE
CVE
added 2026/07/01 3:43 a.m.12 views

CVE-2026-13443

The CVE-2026-13443 entry concerns the WordPress plugin Tutor LMS (eLearning and online course solution). Affected: all versions up to and including 3.9.13. Issue: Stored Cross-Site Scripting via the Lesson Attachment Title due to insufficient input sanitization and output escaping. Impact: authen...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 12:0 a.m.4 views

WordPress Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability

Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Academy LMS versions = 3.8.1...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/30 1:28 p.m.4 views

WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme LMS versions = 9.7...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57330

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:36 p.m.35 views

CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.8 views

EUVD-2026-40101

Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.8 views

CVE-2026-11773

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/27 6:50 a.m.9 views

EUVD-2026-39953

The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.0015EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

4.3CVSS0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57640 WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

4.3CVSS0.00243EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 2:53 p.m.5 views

CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57640

CVE-2026-57640 : A Broken Access Control vulnerability affects the WordPress plugin MasterStudy LMS up to version 3.7.30 . The issue is documented with a CVSS 3.1 base score of 4.3 (Medium) and describes restricted access conditions that could permit unauthorized exposure of resources. The availa...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.32 views

CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...

0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 6:0 a.m.18 views

CVE-2026-10824

The Masteriyo LMS WordPress plugin, version before 2.2.1, has missing authorization checks in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete any user’s course-progress records. The vulnerability is caused by insufficient access control in...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 1:34 p.m.2 views

OPENSUSE-SU-2026:21144-1 Security update for mbedtls

This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 LTS maintenance update from 3.6.1; security fixes accumulated across the 3.6.2-3.6.6 releases: CVE-2024-49195 boo1231708: buffer underrun in pkwrite when writing an opaque key pair CVE-2025-27809 boo1240051:...

9.8CVSS6.4AI score0.0199EPSS
Exploits5References27
NVD
NVD
added 2026/06/20 1:16 p.m.15 views

CVE-2026-48909

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/20 11:56 a.m.33 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS0.02726EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/06/20 11:56 a.m.8 views

CVE-2026-48909 Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

9.5CVSS6.3AI score0.02726EPSS
Exploits3References1
CVE
CVE
added 2026/06/20 11:56 a.m.104 views

CVE-2026-48909

The CVE concerns SP LMS (com_splms) for Joomla, specifically versions earlier than 4.1.4. The root cause is deserializing user-controlled cookie data without validation, which allows an unauthenticated remote attacker to execute arbitrary code on the server. No exploitation details or fixes are e...

9.5CVSS6.3AI score0.02726EPSS
Exploits3References1
NVD
NVD
added 2026/06/19 5:16 p.m.12 views

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS0.00237EPSS
Exploits0References2
Rows per page
Query Builder