Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 5:29 a.m.9 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References53
Vulnrichment
Vulnrichment
added 2026/04/10 5:48 p.m.3 views

CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 2:26 a.m.4 views

CVE-2026-30884 mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

9.6CVSS5.9AI score0.00168EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/18 2:26 a.m.6 views

EUVD-2026-12745

mdjnelson/moodle-modcustomcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate elements...

9.6CVSS5.8AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26023

mdjnelson/moodle-mod customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds mod/customcert:manage in any single course can read and silently overwrite certificate element...

9.6CVSS5.8AI score0.00168EPSS
Exploits0References11
Rows per page
Query Builder