Lucene search
K

896 matches found

Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.17 views

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

9.5CVSS6.3AI score0.00796EPSS
Exploits1References10
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-39598

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8CVSS0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS0.00144EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36837

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.6 views

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.15 views

CVE-2026-42743

The CVE concerns WordPress Masteriyo LMS plugin versions ≤ 2.1.8 with an Unauthenticated Broken Authentication vulnerability. Impact is described as low confidentiality and integrity (CVSS v3.1: 6.5, MEDIUM). The issue is in Masteriyo-LMS prior to or at 2.1.8, enabling access without authenticati...

6.5CVSS5.2AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49411

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Frappe Learning Management System 注入漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...

2.1CVSS5.3AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 11:54 p.m.24 views

CVE-2026-46546

Summary: CVE-2026-46546 affects Frappe LMS. Before v2.53.0, an authenticated user could insert crafted content in certain user-editable fields, which—when surfaced in page metadata—caused visitors’ browsers to navigate to an attacker-chosen URL. The issue has been patched in v2.53.0. Impact (as s...

2.1CVSS5.4AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48339

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

2.1CVSS5.3AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 6:16 p.m.10 views

CVE-2026-11552

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

6.9CVSS0.00286EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/08 5:0 p.m.22 views

CVE-2026-11552 SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 5:0 p.m.11 views

EUVD-2026-35174

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

6.9CVSS5.2AI score0.00286EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.8 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.4AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33618

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS5.7AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.11 views

CVE-2026-35196

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

8.8CVSS5.9AI score0.0176EPSS
Exploits1References1
NVD
NVD
added 2026/06/02 10:16 a.m.11 views

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:43 a.m.10 views

EUVD-2025-210035

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 a.m.12 views

CVE-2026-42730

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...

8.5CVSS0.00253EPSS
Exploits0References1
Rows per page
Query Builder