CVE-2026-11773

CVE-2026-11773 affects the Masteriyo LMS – LMS Course Builder, Quizzes & Certificates WordPress plugin (versions up to 2.2.1). The issue is an authorization bypass where the plugin fails to verify a user’s permission, enabling authenticated attackers with student-level access and above to modify ...

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2026-57912

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

CVE-2026-57912

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

CVE-2026-57912

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

EUVD-2026-39643

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

CVE-2026-57912

This CVE concerns the Johnson & Johnson Campus Recruiting web application (pre-2025-10-31), where data provided by recruited students and notes entered by interviewers may be viewed by unauthorized parties. The vulnerability implies an exposure of personal/student data with no available details o...

CVE-2026-12529

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote...

EUVD-2026-37780

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote...

CVE-2026-46849

Vulnerability in the PeopleSoft Enterprise CS Student Financials product of Oracle PeopleSoft component: Other. The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS...

PT-2026-50526

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description Improper access controls exist within the Student Self-Registration Endpoint in the /index.php file. This flaw allows for remote exploitation,...

PT-2026-49957

Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise CS Student Financials version 9.2.38 Description An issue in the PeopleSoft Enterprise CS Student Financials product allows a low privileged attacker with network access via HTTP to compromise the system. Successful...

CVE-2026-12175 CodeAstro Student Attendance Management System createStudents.php sql injection

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is...

CVE-2026-12175

CodeAstro Student Attendance Management System 1.0 is affected. The vulnerability resides in /attendance-php/Admin/createStudents.php where manipulating the admissionNumber parameter enables an SQL injection. It supports remote exploitation and the exploit is public. No remediation or patch detai...

CVE-2026-11583

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

CVE-2026-11532

A weakness has been identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be perform...

CVE-2026-11531

A security flaw has been discovered in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/adminlogin.php of the component Administrator Login Endpoint. Performing a manipulation of the argument ausr/apwd results in s...

CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...