
757 matches found

Cvelist
added 2025/09/18 5:32 p.m. · 11 views

CVE-2025-10687 SourceCodester Responsive E-Learning System add_teacher.php sql injection

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

CVSS 7.5 · EPSS 0.00441
Exploits 1 · References 5
Vulnrichment
added 2025/09/18 5:32 p.m. · 5 views

CVE-2025-10687 SourceCodester Responsive E-Learning System add_teacher.php sql injection

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

CVSS 7.5 · AI score 7.2 · EPSS 0.00441
Exploits 1 · References 5
CVE
added 2025/09/18 2:32 p.m. · 12 views

CVE-2025-10671

CVE-2025-10671 concerns youth-is-as-pale-as-poetry e-learning 1.0, specifically the JWT Token Handler’s JwtUtils.encryptSecret. Multiple connected sources confirm the vulnerability is due to insufficiently random values generated by encryptSecret, which can be exploited remotely. The issue affect...

CVSS 6.3 · AI score 4.5 · EPSS 0.00401
Exploits 0 · References 4
Cvelist
added 2025/09/18 2:32 p.m. · 11 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

CVSS 6.3 · EPSS 0.00401
Exploits 0 · References 4
Vulnrichment
added 2025/09/18 2:32 p.m. · 3 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

CVSS 6.3 · AI score 4.2 · EPSS 0.00401
Exploits 0 · References 4
CNNVD
added 2025/09/18 12:0 a.m. · 2 views

e-learning security feature issue vulnerability

e-learning is an exam system for youth-is-as-pale-as-poetry individual developers. A security feature issue vulnerability exists in e-learning version 1.0, which stems from insufficient generation of random values by the encryptSecret function in the JwtUtils.java file in the JWT Token Handler...

CVSS 6.3 · AI score 4.8 · EPSS 0.00401
Exploits 0 · References 4
Positive Technologies
added 2025/09/18 12:0 a.m. · 3 views

PT-2025-38472

Name of the Vulnerable Software and Affected Versions SourceCodester Responsive E-Learning System version 1.0 Description A SQL injection issue exists in SourceCodester Responsive E-Learning System 1.0. The Username parameter in the /admin/add teacher.php file is susceptible to manipulation,...

CVSS 9.8 · AI score 7.7 · EPSS 0.00441
Exploits 1 · References 10
Positive Technologies
added 2025/09/18 12:0 a.m. · 3 views

PT-2025-38404

Name of the Vulnerable Software and Affected Versions youth-is-as-pale-as-poetry e-learning version 1.0 Description A vulnerability exists due to insufficiently random values generated by the encryptSecret function within the JWT Token Handler component. The vulnerable file is...

CVSS 6.3 · AI score 4.4 · EPSS 0.00401
Exploits 0 · References 6
OSV
added 2025/05/27 12:15 a.m. · 3 views

CVE-2025-5213

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVSS 9.8 · AI score 5.8 · EPSS 0.00412
Exploits 1 · References 4
NVD
added 2025/05/27 12:15 a.m. · 9 views

CVE-2025-5213

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVSS 9.8 · EPSS 0.00412
Exploits 1 · References 4
Cvelist
added 2025/05/26 11:31 p.m. · 18 views

CVE-2025-5213 projectworlds Responsive E-Learning System delete_file.php sql injection

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVSS 7.5 · EPSS 0.00412
Exploits 1 · References 4
Vulnrichment
added 2025/05/26 11:31 p.m. · 10 views

CVE-2025-5213 projectworlds Responsive E-Learning System delete_file.php sql injection

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVSS 7.5 · AI score 7.3 · EPSS 0.00412
Exploits 1 · References 4
CVE
added 2025/05/26 11:31 p.m. · 51 views

CVE-2025-5213

CVE-2025-5213 affects projectworlds Responsive E-Learning System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /admin/delete_file.php caused by improper handling of the ID argument. It can be exploited remotely and the exploit has been disclosed publicly. Impa...

CVSS 9.8 · AI score 7.5 · EPSS 0.00412
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2025/05/26 12:0 a.m. · 4 views

Projectworlds Responsive E-Learning System security vulnerability

Projectworlds Responsive E-Learning System is a responsive e-learning system from Projectworlds India. A security vulnerability exists in Projectworlds Responsive E-Learning System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file...

CVSS 9.8 · AI score 7.8 · EPSS 0.00412
Exploits 1 · References 1
Positive Technologies
added 2025/05/26 12:0 a.m. · 4 views

PT-2025-22942 · Unknown · Projectworlds Responsive E-Learning System

Name of the Vulnerable Software and Affected Versions: projectworlds Responsive E-Learning System version 1.0 Description: A critical issue has been identified in the system, affecting an unknown functionality of the file /admin/delete file.php. The manipulation of the ID argument leads to SQL...

CVSS 9.8 · AI score 7.5 · EPSS 0.00412
Exploits 1 · References 12
RedhatCVE
added 2025/05/23 9:54 a.m. · 9 views

CVE-2024-28198

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

CVSS 7.5 · AI score 6.9 · EPSS 0.00431
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 8:33 a.m. · 2 views

CVE-2024-50840

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the classname parameter...

CVSS 5.4 · AI score 6.1 · EPSS 0.00407
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 8:32 a.m. · 7 views

CVE-2024-50832

A SQL Injection vulnerability was found in /admin/editclass.php in kashipara E-learning Management System Project 1.0 via the classname parameter...

CVSS 7.2 · AI score 8.2 · EPSS 0.0058
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 8:31 a.m. · 7 views

CVE-2024-50829

A SQL Injection vulnerability was found in /admin/editsubject.php in kashipara E-learning Management System Project 1.0 via the unit parameter...

CVSS 7.2 · AI score 8.2 · EPSS 0.00379
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 8:12 a.m. · 11 views

CVE-2024-54923

A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...

CVSS 9.8 · AI score 10 · EPSS 0.00571
Exploits 1 · References 1