CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

100 matches found

Academy LMS 6.2 - SQL Injection

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

9.8CVSS6.4AI score0.41071EPSS

Exploits3References5

RedhatCVE•added 2025/12/16 8:44 p.m.•3 views

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

5.4CVSS6.1AI score0.00019EPSS

Exploits1References1

OSV•added 2025/12/15 9:15 p.m.•2 views

CVE-2023-53876

5.4CVSS5.7AI score0.00019EPSS

Exploits1References3

Vulnrichment•added 2025/12/15 8:28 p.m.•2 views

CVE-2023-53876 Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings

5.1CVSS5.8AI score0.00019EPSS

Exploits1References3

Positive Technologies•added 2025/12/15 12:0 a.m.•4 views

PT-2025-51294

Name of the Vulnerable Software and Affected Versions Academy LMS version 6.1 Description Academy LMS version 6.1 has a file upload issue. Authenticated users can upload malicious SVG files containing stored cross-site scripting payloads. An attacker can inject malicious scripts through the profi...

5.4CVSS6AI score0.00019EPSS

Exploits1References7

EUVD•added 2025/11/08 9:31 a.m.•3 views

EUVD-2025-38366

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8 via the 'enqueuesocialloginscript' function. This makes it possible for unauthenticated attackers to extract...

5.3CVSS5.4AI score0.00053EPSS

Exploits0References4

EUVD•added 2025/11/08 9:31 a.m.•5 views

EUVD-2025-38367

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'importallcourses' function. This makes it possible for authenticated...

7.2CVSS6.5AI score0.00311EPSS

Exploits0References5

NVD•added 2025/11/08 9:15 a.m.•3 views

CVE-2025-12099

7.2CVSS0.00311EPSS

Exploits0References3

Vulnrichment•added 2025/11/08 8:27 a.m.•3 views

CVE-2025-12099 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses'

7.2CVSS6.5AI score0.00311EPSS

Exploits0References3

CVE•added 2025/10/14 12:0 a.m.•4 views

CVE-2025-56747

Affected software : Creativeitem Academy LMS (versions up to 5.13). Vulnerability : Privilege escalation in the Api_instructor controller where regular authenticated users can access instructor-only functions due to missing/incorrect role validation, enabling unauthorized course creation and mana...

6.5CVSS6.6AI score0.0006EPSS

Exploits1References1Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-54005