CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7741

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be us...

RedhatCVE•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7196

A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...

6.5CVSS6.4AI score0.00201EPSS

RedhatCVE•added 2026/06/05 7:50 p.m.•8 views

CVE-2026-7745

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed...

RedhatCVE•added 2026/06/05 7:50 p.m.•9 views

CVE-2026-7742

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

6.5CVSS6.5AI score0.00241EPSS

RedhatCVE•added 2026/06/05 7:50 p.m.•10 views

CVE-2026-7148

A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

6.5CVSS6.5AI score0.00241EPSS

RedhatCVE•added 2026/06/05 7:47 p.m.•7 views

CVE-2026-6033

A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been public...

6.5CVSS6.4AI score0.00205EPSS

RedhatCVE•added 2026/06/05 7:43 p.m.•7 views

CVE-2026-8097

A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may...

6.5CVSS6.4AI score0.00192EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6708

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permissioncallback of 'returntrue', which bypasses all...

5.3CVSS5.5AI score0.0031EPSS

Cvelist•added 2026/05/12 7:48 a.m.•34 views

CVE-2026-6708 HEL Online Classroom: AI-powered Online Classrooms <= 1.0.3 - Missing Authorization to Unauthenticated Arbitrary Classroom Deletion via 'id' Parameter

5.3CVSS0.0031EPSS

CNNVD•added 2026/05/12 12:0 a.m.•6 views

WordPress plugin HEL Online Classroom: AI-powered Online Classrooms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.0031EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-39962

5.3CVSS5.8AI score0.0031EPSS

Exploits0References6

Patchstack•added 2026/05/11 7:4 p.m.•6 views

WordPress HEL Online Classroom: AI-powered Online Classrooms plugin <= 1.0.3 - Missing Authorization to Unauthenticated Arbitrary Classroom Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Classroom Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HEL Online Classroom: AI-powered Online Classrooms versions = 1.0.3...

5.3CVSS5.8AI score0.0031EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/07 9:30 p.m.•9 views

EUVD-2026-28443

NVD•added 2026/05/07 9:16 p.m.•13 views

Exploits0References6

CVE-2026-8097

6.5CVSS0.00192EPSS

ATTACKERKB•added 2026/05/07 8:15 p.m.•7 views

CVE-2026-8097

Exploits0References5Affected Software1

Cvelist•added 2026/05/07 8:15 p.m.•47 views

CVE-2026-8097 CodeAstro Online Classroom askquery.php sql injection

6.5CVSS0.00192EPSS

CVE•added 2026/05/07 8:15 p.m.•24 views

CVE-2026-8097

CVE-2026-8097 affects CodeAstro Online Classroom 1.0. The vulnerability is in unknown code of /askquery.php, where manipulating the squeryx argument enables SQL injection. Exploitation can be performed remotely, and public exploits exist. CVSS-derived metrics in the provided data indicate a MEDIU...

CNNVD•added 2026/05/07 12:0 a.m.•6 views

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a injection vulnerability; this vulnerability stems from the operation of the parameter squeryx in the file/askquery.php, which may lead to SQL injection attacks...

6.5CVSS6.7AI score0.00192EPSS