Lucene search
+L

571 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.5 views

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

6.1CVSS5.3AI score0.0202EPSS
Exploits4References5
EUVD
EUVD
added 2026/01/28 5:35 p.m.4 views

EUVD-2020-30890

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

6.9CVSS5.9AI score0.00186EPSS
Exploits1References4
NVD
NVD
added 2026/01/26 6:16 p.m.9 views

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

6.4CVSS0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/16 12:0 a.m.5 views

CVE-2025-69581

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...

6.1AI score0.00213EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/01/13 1:32 p.m.8 views

WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WPLMS versions = 1.9.9.5.4...

8.1CVSS7AI score0.00479EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.10 views

CVE-2022-38553

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the Search parameter...

6.1CVSS6AI score0.02316EPSS
Exploits2References1
HackRead
HackRead
added 2025/12/22 12:12 p.m.8 views

How an LMS Cloud Model Supports Scalable Learning

There's a new era for training and development programs, making the LMS Learning Management System cloud model the…...

7AI score
Exploits0
EUVD
EUVD
added 2025/12/18 9:30 a.m.4 views

EUVD-2025-204080

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS6.5AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:16 a.m.4 views

CVE-2025-64214

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.27 views

CVE-2025-64270 WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

6.5CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.3 views

CVE-2025-64270 WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects Masteriyo - LMS: from n/a through = 2.0.3...

6.5CVSS6.5AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.3 views

CVE-2025-64214 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

7.5CVSS6.6AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.9 views

WordPress plugin Masteriyo - LMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

6.5CVSS6.3AI score0.00281EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 7:48 p.m.6 views

CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...

5.1CVSS5.9AI score0.00143EPSS
Exploits0References4
NVD
NVD
added 2025/12/12 8:15 a.m.8 views

CVE-2025-67730

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.4CVSS0.00147EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 7:23 a.m.7 views

CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.1CVSS6.4AI score0.00147EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.6 views

Frappe Learning Management System 跨站脚本漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System versions prior to 2.42.0, which stems from malicious HTML and JavaScript that can be injected into t...

5.4CVSS5.9AI score0.00147EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.10 views

PT-2025-50902

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated users to inject malicious HTML and JavaScript code through description fields within the Job, Course, and Bat...

5.4CVSS5.8AI score0.00147EPSS
Exploits0References6
CVE
CVE
added 2025/12/05 6:26 p.m.15 views

CVE-2025-66581

Frappe LMS (versions before 2.41.0) has a server-side authorization flaw where endpoints relied on client-side checks, allowing authenticated low-privilege users (e.g., students) to perform actions outside their roles via the API. The issue is fixed in 2.41.0. Affected component: server-side perm...

6.5CVSS6.2AI score0.00181EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49307

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.41.0 Description A flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. The affected endpoint...

5.3CVSS6.5AI score0.00181EPSS
Exploits0References4
Rows per page
Query Builder