2108 matches found
EUVD-2026-39186
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...
CVE-2026-10824
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...
CVE-2026-10824 Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records...
CVE-2026-10824
The Masteriyo LMS WordPress plugin, version before 2.2.1, has missing authorization checks in the course-progress REST API controller. This allows unauthenticated users to read and permanently delete any user’s course-progress records. The vulnerability is caused by insufficient access control in...
Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference
Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...
LearnPress < 4.2.7.4 - Course Material - Information Disclosure
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...
RISC-V-In-Proactive-computer-Security-PCS-
Exploring RISC-V in Proactive Computer Security PCS PUK pro...
CVE-2026-47106
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
EUVD-2026-35796
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
CVE-2026-47106
CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...
Ellucian Banner Self-Service 跨站脚本漏洞
Ellucian Banner Self-Service is a higher education self-service platform developed by the American company Ellucian. Versions of Ellucian Banner Self-Service prior to 2025-04-23 had a cross-site scripting vulnerability. This vulnerability stemmed from the course search function not being...
CVE-2026-8502
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2026-8502
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
EUVD-2026-34952
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2026-8502 LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2026-8502 LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2026-8502
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...
CVE-2025-67259
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...
CVE-2026-5537
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function checksel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...