Lucene search
K

570 matches found

Nuclei
Nuclei
added 20 hours ago12 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.9AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago28 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.02251EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago44 views

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. id: CVE-2023-3345 info: name: LMS by Masteriyo 1.6.8 - Information Exposure author: DhiyaneshDK...

6.5CVSS6.8AI score0.01926EPSS
Exploits2References4
EUVD
EUVD
added yesterday7 views

EUVD-2026-41793

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References7
NVD
NVD
added yesterday7 views

CVE-2026-14778

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS0.00294EPSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-14777

A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

6.5CVSS0.00214EPSS
Exploits0References6
CVE
CVE
added 2 days ago11 views

CVE-2026-14778

The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability is in the Enrollment Management component, specifically the /ajax_enroll.php file, where manipulation of the arguments student_id, schedule_id, or action leads to improper authorization. This all...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References6
NVD
NVD
added 2 days ago6 views

CVE-2026-14775

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-14776 SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload

A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /uploadfiles.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote...

6.5CVSS0.00214EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-14775 SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago11 views

CVE-2026-14775

A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /processlesson.php. Such manipulation of the argument userid leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2 days ago9 views

CVE-2026-14775

The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function in the file /process_lesson.php where manipulation of the argument user_id leads to unrestricted upload. The attack can be launched remotely, and an exploit is publicly available. T...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6
CVE
CVE
added 2 days ago13 views

CVE-2026-14719

CVE-2026-14719 describes a privilege-management flaw in SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerable component is the register.php file of the Registration Endpoint. An attacker can manipulate the role parameter to achieve improper privilege management, and th...

7.5CVSS6.7AI score0.00288EPSS
Exploits0References6
NVD
NVD
added 2 days ago8 views

CVE-2026-14698

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file uploadfiles.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.00209EPSS
Exploits0References6
CVE
CVE
added 2 days ago10 views

CVE-2026-14698

CVE-2026-14698 affects SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0, with the vulnerability in file upload_files.php allowing unrestricted file upload after input manipulation. The CVSS metrics indicate a network-accessible, low-privilege, low-impact vulnerabilit...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-41723

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file uploadfiles.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-55833

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description An unrestricted upload flaw exists within the Filename Extension component. The issue resides in the pathinfo function of the /upload files.php endpoint, whe...

6.5CVSS6.8AI score0.00214EPSS
Exploits0References9
NVD
NVD
added 5 days ago4 views

CVE-2026-27404

Unauthenticated Cross Site Scripting XSS in LMS = 9.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-27404

CVE-2026-27404 concerns WordPress LMS theme &lt;= 9.7 with a reflected Cross Site Scripting (XSS) vulnerability. The issue is described as unauthenticated XSS in LMS &lt;= 9.7 versions. CVSS v3.1 base score is 7.1 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L; attack vector: NET...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-54973

Name of the Vulnerable Software and Affected Versions LMS versions prior to 9.8 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the victim's browser without requiring authentication. Recommendations Update to a version new...

7.1CVSS6AI score0.0018EPSS
Exploits0References3
Rows per page
Query Builder